diff --git a/src/hooks.server.ts b/src/hooks.server.ts
index 22e93f9..04af0b6 100644
--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -1,9 +1,10 @@
-import type { Handle } from '@sveltejs/kit';
+import { redirect, type Handle } from '@sveltejs/kit';
+import { sequence } from '@sveltejs/kit/hooks';
 import { building } from '$app/environment';
 import { auth } from '$lib/server/auth';
 import { svelteKitHandler } from 'better-auth/svelte-kit';
 
-const handleBetterAuth: Handle = async ({ event, resolve }) => {
+const authSessionHook: Handle = async ({ event, resolve }) => {
 	const session = await auth.api.getSession({ headers: event.request.headers });
 
 	if (session) {
@@ -11,7 +12,37 @@ const handleBetterAuth: Handle = async ({ event, resolve }) => {
 		event.locals.user = session.user;
 	}
 
+	return resolve(event);
+};
+
+const authRedirectHook: Handle = async ({ event, resolve }) => {
+	// Skip redirects for auth API routes to prevent infinite loops
+	if (event.url.pathname.startsWith('/api/auth')) {
+		return resolve(event);
+	}
+
+	const publicRoutes = ['/login'];
+	const isPublicRoute = publicRoutes.some((route) => event.url.pathname === route);
+
+	// Redirect to login page if logged out
+	if (!isPublicRoute && !event.locals.session) {
+		redirect(303, '/login');
+	}
+
+	// Redirect to dashboard if logged in
+	if (event.url.pathname === '/login' && event.locals.session) {
+		redirect(303, '/');
+	}
+
+	return resolve(event);
+};
+
+const betterAuthHook: Handle = async ({ event, resolve }) => {
 	return svelteKitHandler({ event, resolve, auth, building });
 };
 
-export const handle: Handle = handleBetterAuth;
+export const handle: Handle = sequence(
+	authSessionHook,
+	authRedirectHook,
+	betterAuthHook
+);