diff --git a/apps/api/src/auth/base.ts b/apps/api/src/auth/base.ts
index 5f431405..687b67d4 100644
--- a/apps/api/src/auth/base.ts
+++ b/apps/api/src/auth/base.ts
@@ -6,7 +6,7 @@ import { obscureEmail } from '../emails.js'
 import { comparePassword, hashPassword, isValidPassword } from '../password.js'
 import properties from '../properties.js'
 import { IOServer } from '../websocket/index.js'
-import { callbackUrlSchema, cookieOptions } from './index.js'
+import { cookieOptions } from './index.js'
 import {
   authenticationMiddleware,
   createAuthToken,
@@ -137,14 +137,18 @@ export default function getRouter<H extends ApiUser>(
 
   router.post('/sign-in/password', async (req, res) => {
     const payload = z
-      .object({ email: z.string().trim().email(), password: z.string() })
+      .object({
+        email: z.string().trim().email(),
+        password: z.string(),
+        callback: z.string().optional(),
+      })
       .safeParse(req.body)
     if (!payload.success) {
       res.status(400).end()
       return
     }
 
-    const { email, password } = payload.data
+    const { email, password, callback } = payload.data
 
     const user = await prisma().user.findUnique({
       where: { email },
@@ -164,7 +168,10 @@ export default function getRouter<H extends ApiUser>(
       return
     }
 
-    const loginLink = createLoginLink(user.id, config.FRONTEND_URL)
+    const loginLink = createLoginLink(
+      user.id,
+      `${config.FRONTEND_URL}/${callback ?? ''}`
+    )
 
     res.json({ email: obscureEmail(user.email), loginLink })
   })
@@ -184,16 +191,9 @@ export default function getRouter<H extends ApiUser>(
     })
   })
 
-  router.get('/logout', authenticationMiddleware, async (req, res) => {
-    const query = z.object({ callback: callbackUrlSchema }).safeParse(req.query)
-    if (!query.success) {
-      res.status(400).end()
-      return
-    }
-
+  router.get('/logout', async (_req, res) => {
     res.clearCookie('token')
-
-    res.redirect(query.data.callback)
+    res.redirect(config.FRONTEND_URL)
   })
 
   return router
diff --git a/apps/api/src/auth/index.ts b/apps/api/src/auth/index.ts
index ce9a2f31..012b93e3 100644
--- a/apps/api/src/auth/index.ts
+++ b/apps/api/src/auth/index.ts
@@ -1,4 +1,3 @@
-import { z } from 'zod'
 import { CookieOptions } from 'express'
 import { config } from '../config/index.js'
 import parseDuration from 'parse-duration'
@@ -7,12 +6,6 @@ import getBaseRouter from './base.js'
 
 const JWT_EXPIRATION_MS = parseDuration(config().AUTH_JWT_EXPIRATION)
 
-export const callbackUrlSchema = z
-  .string()
-  .trim()
-  .url()
-  .refine((url) => new URL(url).origin === config().FRONTEND_URL)
-
 export const cookieOptions: CookieOptions = {
   httpOnly: true,
   secure: config().NODE_ENV === 'production' && !config().ALLOW_HTTP,
diff --git a/apps/api/src/auth/token.ts b/apps/api/src/auth/token.ts
index 5490071d..1dde2783 100644
--- a/apps/api/src/auth/token.ts
+++ b/apps/api/src/auth/token.ts
@@ -147,7 +147,7 @@ export async function authenticationMiddleware(
   try {
     const session = await sessionFromCookies(req.cookies)
     if (!session) {
-      res.status(401).end()
+      res.status(401).json('Unauthorized')
       return
     }
 
@@ -156,12 +156,12 @@ export async function authenticationMiddleware(
     next()
   } catch (err) {
     if (err instanceof jwt.JsonWebTokenError) {
-      res.status(403).send('Invalid token')
+      res.status(403).json('Forbidden')
       return
     }
 
     req.log.error({ err }, 'Error verifying token')
-    res.status(500).end()
+    res.status(500).json('Internal server error')
   }
 }
 
diff --git a/apps/api/src/websocket/workspace/documents.ts b/apps/api/src/websocket/workspace/documents.ts
index 31aca87f..b29eedaa 100644
--- a/apps/api/src/websocket/workspace/documents.ts
+++ b/apps/api/src/websocket/workspace/documents.ts
@@ -1,8 +1,15 @@
-import { getDocument, listDocuments } from '@briefer/database'
+import { createDocument, getDocument, listDocuments } from '@briefer/database'
 import { IOServer, Socket } from '../index.js'
 
 export async function emitDocuments(socket: Socket, workspaceId: string) {
-  const documents = await listDocuments(workspaceId)
+  let documents = await listDocuments(workspaceId)
+  if (documents.length === 0) {
+    await createDocument(workspaceId, {
+      orderIndex: 0,
+      version: 2,
+    })
+    documents = await listDocuments(workspaceId)
+  }
 
   socket.emit('workspace-documents', { workspaceId, documents })
 }
diff --git a/apps/web/src/components/BannedPage.tsx b/apps/web/src/components/BannedPage.tsx
deleted file mode 100644
index 73c89ebd..00000000
--- a/apps/web/src/components/BannedPage.tsx
+++ /dev/null
@@ -1,9 +0,0 @@
-const BannedPage = () => {
-  return (
-    <div className="h-full w-full flex items-center justify-center">
-      <h1>Account inactive. Please contact us.</h1>
-    </div>
-  )
-}
-
-export default BannedPage
diff --git a/apps/web/src/components/Comments.tsx b/apps/web/src/components/Comments.tsx
index d699a4f6..6da90f8b 100644
--- a/apps/web/src/components/Comments.tsx
+++ b/apps/web/src/components/Comments.tsx
@@ -20,7 +20,7 @@ interface Props {
   onHide: () => void
 }
 export default function Comments(props: Props) {
-  const session = useSession()
+  const session = useSession({ redirectToLogin: true })
   const [comments, { createComment }] = useComments(props.documentId)
   const [content, setContent] = useState('')
 
diff --git a/apps/web/src/components/Dashboard/index.tsx b/apps/web/src/components/Dashboard/index.tsx
index 4240e3ee..fab31c50 100644
--- a/apps/web/src/components/Dashboard/index.tsx
+++ b/apps/web/src/components/Dashboard/index.tsx
@@ -1,5 +1,5 @@
 import * as Y from 'yjs'
-import { useCallback, useEffect, useMemo, useState } from 'react'
+import { useCallback, useMemo, useState } from 'react'
 import { SquaresPlusIcon } from '@heroicons/react/24/solid'
 import { BookUpIcon } from 'lucide-react'
 import { EyeIcon } from '@heroicons/react/24/outline'
@@ -28,12 +28,12 @@ import Files from '../Files'
 import { PublishBlinkingSignal } from '../BlinkingSignal'
 import { Tooltip } from '../Tooltips'
 import { NEXT_PUBLIC_PUBLIC_URL } from '@/utils/env'
-import useWebsocket from '@/hooks/useWebsocket'
 import { SQLExtensionProvider } from '../v2Editor/CodeEditor/sql'
+import { SessionUser } from '@/hooks/useAuth'
 
 interface Props {
   document: ApiDocument
-  userId: string
+  user: SessionUser
   role: UserWorkspaceRole
   isEditing: boolean
   publish: () => Promise<void>
@@ -45,12 +45,12 @@ export default function Dashboard(props: Props) {
       return props.document.clock
     }
 
-    return props.document.userAppClock[props.userId] ?? props.document.appClock
+    return props.document.userAppClock[props.user.id] ?? props.document.appClock
   }, [
     props.isEditing,
     props.document.clock,
     props.document.userAppClock,
-    props.userId,
+    props.user,
   ])
 
   const { yDoc, syncing, isDirty } = useYDoc(
@@ -58,7 +58,7 @@ export default function Dashboard(props: Props) {
     props.document.id,
     !props.isEditing,
     clock,
-    props.userId,
+    props.user.id,
     props.document.publishedAt,
     true,
     null
@@ -74,7 +74,6 @@ export default function Dashboard(props: Props) {
   const aiTasks = useMemo(() => AITasks.fromYjs(yDoc), [yDoc])
 
   const router = useRouter()
-  const socket = useWebsocket()
 
   const onPublish = useCallback(async () => {
     if (props.publishing) {
@@ -232,6 +231,7 @@ export default function Dashboard(props: Props) {
     <Layout
       topBarClassname={!props.isEditing ? 'bg-gray-50' : undefined}
       topBarContent={topBarContent}
+      user={props.user}
     >
       <div className="w-full flex relative subpixel-antialiased bg-dashboard-gray">
         <div className="w-full flex flex-col relative">
@@ -264,7 +264,7 @@ export default function Dashboard(props: Props) {
             disabled={false}
             yDoc={yDoc}
             primary={true}
-            userId={props.userId}
+            userId={props.user.id}
             executionQueue={executionQueue}
           />
         )}
@@ -296,7 +296,7 @@ export default function Dashboard(props: Props) {
               workspaceId={props.document.workspaceId}
               visible={selectedSidebar === 'files'}
               onHide={onHideSidebar}
-              userId={props.userId}
+              userId={props.user.id}
               yDoc={yDoc}
               executionQueue={executionQueue}
             />
@@ -348,7 +348,7 @@ function DashboardContent(
         latestBlockId={latestBlockId}
         isEditing={props.isEditing}
         userRole={props.role}
-        userId={props.userId}
+        userId={props.user.id}
         executionQueue={props.executionQueue}
         aiTasks={props.aiTasks}
       />
@@ -359,7 +359,7 @@ function DashboardContent(
           yDoc={props.yDoc}
           onDragStart={onDragStart}
           onAddBlock={onAddBlock}
-          userId={props.userId}
+          userId={props.user.id}
           executionQueue={props.executionQueue}
           aiTasks={props.aiTasks}
         />
diff --git a/apps/web/src/components/Layout.tsx b/apps/web/src/components/Layout.tsx
index 9f1eab56..6b9528ef 100644
--- a/apps/web/src/components/Layout.tsx
+++ b/apps/web/src/components/Layout.tsx
@@ -30,17 +30,14 @@ import { useRouter } from 'next/router'
 import { Page } from '@/components/PagePath'
 import { useDocuments } from '@/hooks/useDocuments'
 import { useFavorites } from '@/hooks/useFavorites'
-import { useWorkspaces } from '@/hooks/useWorkspaces'
 import { useStringQuery } from '@/hooks/useQueryArgs'
-import { useSession, useSignout } from '@/hooks/useAuth'
+import { SessionUser, useSession, useSignout } from '@/hooks/useAuth'
 import { CpuChipIcon } from '@heroicons/react/24/solid'
 import type { UserWorkspaceRole } from '@briefer/database'
 import ReactDOM from 'react-dom'
 import useDropdownPosition from '@/hooks/dropdownPosition'
 import DocumentTree from './DocumentsTree'
 import useSideBar from '@/hooks/useSideBar'
-import { isBanned } from '@/utils/isBanned'
-import BannedPage from './BannedPage'
 import { SubscriptionBadge } from './SubscriptionBadge'
 import MobileWarning from './MobileWarning'
 import { DataSourceBlinkingSignal } from './BlinkingSignal'
@@ -109,6 +106,7 @@ interface Props {
   topBarClassname?: string
   topBarContent?: React.ReactNode
   hideOnboarding?: boolean
+  user: SessionUser
 }
 
 export default function Layout({
@@ -116,10 +114,9 @@ export default function Layout({
   pagePath,
   topBarClassname,
   topBarContent,
+  user,
   hideOnboarding,
 }: Props) {
-  const session = useSession()
-
   const [isSearchOpen, setSearchOpen] = useState(false)
   useHotkeys(['mod+k'], () => {
     setSearchOpen((prev) => !prev)
@@ -137,21 +134,6 @@ export default function Layout({
   const workspaceId = useStringQuery('workspaceId')
   const documentId = useStringQuery('documentId')
 
-  const [{ data: workspaces, isLoading: isLoadingWorkspaces }] = useWorkspaces()
-
-  const signOut = useSignout()
-  useEffect(() => {
-    const workspace = workspaces.find((w) => w.id === workspaceId)
-
-    if (!workspace && !isLoadingWorkspaces) {
-      if (workspaces.length > 0) {
-        router.replace(`/workspaces/${workspaces[0].id}/documents`)
-      } else {
-        signOut()
-      }
-    }
-  }, [workspaces, isLoadingWorkspaces, signOut])
-
   const [
     documentsState,
     {
@@ -270,14 +252,14 @@ export default function Layout({
         return false
       }
 
-      const role = session.data?.roles[workspaceId]
+      const role = user.roles[workspaceId]
       if (!role) {
         return false
       }
 
       return item.allowedRoles.has(role)
     },
-    [session.data, workspaceId]
+    [user, workspaceId]
   )
 
   const scrollRef = useRef<HTMLDivElement>(null)
@@ -303,11 +285,6 @@ export default function Layout({
     }
   }, [workspaceId, scrollRef])
 
-  const userEmail = session.data?.email
-  if (userEmail && isBanned(userEmail)) {
-    return <BannedPage />
-  }
-
   return (
     <div className={`flex w-full h-full ${syne.className}`}>
       <MobileWarning />
@@ -348,7 +325,7 @@ export default function Layout({
                 onFavorite={onFavoriteDocument}
                 onUnfavorite={onUnfavoriteDocument}
                 onSetIcon={onSetIcon}
-                role={session.data?.roles[workspaceId] ?? 'viewer'}
+                role={user.roles[workspaceId] ?? 'viewer'}
                 flat={true}
                 onCreate={onCreateDocument}
                 onUpdateParent={onUpdateDocumentParent}
@@ -376,7 +353,7 @@ export default function Layout({
                     />
                   </button>
 
-                  {session.data?.roles[workspaceId] !== 'viewer' && (
+                  {user.roles[workspaceId] !== 'viewer' && (
                     <button
                       onClick={onCreateDocumentHandler}
                       className="p-1 hover:text-ceramic-500 hover:bg-ceramic-100/70 rounded-md hover:cursor-pointer"
@@ -396,7 +373,7 @@ export default function Layout({
                 onFavorite={onFavoriteDocument}
                 onUnfavorite={onUnfavoriteDocument}
                 onSetIcon={onSetIcon}
-                role={session.data?.roles[workspaceId] ?? 'viewer'}
+                role={user.roles[workspaceId] ?? 'viewer'}
                 onCreate={onCreateDocument}
                 onUpdateParent={onUpdateDocumentParent}
               />
@@ -443,10 +420,10 @@ export default function Layout({
                   className="text-gray-500 hover:bg-ceramic-100/80 group text-sm font-medium leading-6 w-full flex py-1 rounded-sm hover:text-ceramic-600"
                 >
                   <div className="w-full flex items-center gap-x-2 px-4">
-                    {session.data?.picture ? (
+                    {user.picture ? (
                       <img
                         className="h-4 w-4 rounded-full"
-                        src={session.data.picture}
+                        src={user.picture}
                         referrerPolicy="no-referrer"
                       />
                     ) : (
@@ -454,7 +431,7 @@ export default function Layout({
                     )}
                     <span className="sr-only">Your profile</span>
                     <span aria-hidden="true" className="mt-0.5">
-                      {session.data?.name}
+                      {user.name}
                     </span>
                   </div>
                   <UserDropdown workspaceId={workspaceId} />
diff --git a/apps/web/src/components/PrivateDocumentPage.tsx b/apps/web/src/components/PrivateDocumentPage.tsx
index f1b3013f..faee2b90 100644
--- a/apps/web/src/components/PrivateDocumentPage.tsx
+++ b/apps/web/src/components/PrivateDocumentPage.tsx
@@ -4,7 +4,7 @@ import { useDataSources } from '@/hooks/useDatasources'
 import useDocument from '@/hooks/useDocument'
 import { useCallback, useMemo, useState } from 'react'
 import { useRouter } from 'next/router'
-import type { ApiDocument, ApiUser, UserWorkspaceRole } from '@briefer/database'
+import type { ApiDocument } from '@briefer/database'
 import { isNil } from 'ramda'
 import ShareDropdown from './ShareDropdown'
 import { useDocuments } from '@/hooks/useDocuments'
@@ -33,6 +33,7 @@ import { NEXT_PUBLIC_PUBLIC_URL } from '@/utils/env'
 import ReusableComponents from './ReusableComponents'
 import PageSettingsPanel from './PageSettingsPanel'
 import { AITasks, ExecutionQueue } from '@briefer/editor'
+import { SessionUser } from '@/hooks/useAuth'
 
 // this is needed because this component only works with the browser
 const V2Editor = dynamic(() => import('@/components/v2Editor'), {
@@ -42,7 +43,7 @@ const V2Editor = dynamic(() => import('@/components/v2Editor'), {
 interface Props {
   workspaceId: string
   documentId: string
-  user: ApiUser & { roles: Record<string, UserWorkspaceRole> }
+  user: SessionUser
   isApp: boolean
 }
 export default function PrivateDocumentPage(props: Props) {
@@ -53,7 +54,7 @@ export default function PrivateDocumentPage(props: Props) {
 
   if (!document) {
     return (
-      <Layout>
+      <Layout user={props.user}>
         <div className="w-full flex justify-center">
           <div className={clsx(widthClasses, 'py-20')}>
             <TitleSkeleton visible />
@@ -342,6 +343,7 @@ function PrivateDocumentPageInner(
     <Layout
       topBarClassname={props.isApp ? 'bg-gray-50' : undefined}
       topBarContent={topBarContent}
+      user={props.user}
     >
       <div className="w-full relative flex">
         <V2Editor
diff --git a/apps/web/src/components/Telemetry.tsx b/apps/web/src/components/Telemetry.tsx
index 199363a4..fe4c68da 100644
--- a/apps/web/src/components/Telemetry.tsx
+++ b/apps/web/src/components/Telemetry.tsx
@@ -4,7 +4,7 @@ import { usePostHog } from 'posthog-js/react'
 
 export default function Telemetry() {
   const posthog = usePostHog()
-  const session = useSession()
+  const session = useSession({ redirectToLogin: false })
 
   useEffect(() => {
     posthog.init('phc_hHNB1GN3QFdyn0eMH6VW4dNezbXsbSq4PE5PcL9xbju', {
diff --git a/apps/web/src/components/onboarding/steps.tsx b/apps/web/src/components/onboarding/steps.tsx
index 155180e0..dadec9d1 100644
--- a/apps/web/src/components/onboarding/steps.tsx
+++ b/apps/web/src/components/onboarding/steps.tsx
@@ -167,7 +167,7 @@ export const DataSourceStep = () => {
 }
 
 export const ActivateTrialStep = () => {
-  const session = useSession()
+  const session = useSession({ redirectToLogin: true })
   const email = session.data?.email
 
   return (
diff --git a/apps/web/src/hooks/useAuth.ts b/apps/web/src/hooks/useAuth.ts
index 45402eca..cca8881c 100644
--- a/apps/web/src/hooks/useAuth.ts
+++ b/apps/web/src/hooks/useAuth.ts
@@ -1,5 +1,5 @@
 import { NEXT_PUBLIC_API_URL, NEXT_PUBLIC_PUBLIC_URL } from '@/utils/env'
-import fetcher from '@/utils/fetcher'
+import fetcher, { AuthenticationError } from '@/utils/fetcher'
 import type { ApiUser, UserWorkspaceRole } from '@briefer/database'
 import { useRouter } from 'next/router'
 import { useCallback, useMemo, useState } from 'react'
@@ -60,8 +60,11 @@ export const useSignup = (): UseSignup => {
 }
 
 type LoginAPI = {
-  loginWithEmail: (email: string) => void
-  loginWithPassword: (email: string, password: string) => void
+  loginWithPassword: (
+    email: string,
+    password: string,
+    callback?: string
+  ) => void
 }
 type UseLogin = [AuthState, LoginAPI]
 export const useLogin = (): UseLogin => {
@@ -71,45 +74,14 @@ export const useLogin = (): UseLogin => {
     error: undefined,
   })
 
-  const loginWithEmail = useCallback(
-    (email: string) => {
-      setState((s) => ({ ...s, loading: true }))
-      fetch(`${NEXT_PUBLIC_API_URL()}/auth/link/request`, {
-        credentials: 'include',
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({
-          email,
-          callback: NEXT_PUBLIC_PUBLIC_URL(),
-        }),
-      })
-        .then(async (res) => {
-          if (res.ok) {
-            setState({
-              loading: false,
-              data: await res.json(),
-              error: undefined,
-            })
-            return
-          }
-
-          throw new Error(`Unexpected status ${res.status}`)
-        })
-        .catch(() => {
-          setState((s) => ({ ...s, loading: false, error: 'unexpected' }))
-        })
-    },
-    [setState]
-  )
-
   const loginWithPassword = useCallback(
-    (email: string, password: string) => {
+    (email: string, password: string, callback?: string) => {
       setState((s) => ({ ...s, loading: true }))
       fetch(`${NEXT_PUBLIC_API_URL()}/auth/sign-in/password`, {
         credentials: 'include',
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ email, password }),
+        body: JSON.stringify({ email, password, callback }),
       })
         .then(async (res) => {
           if (res.ok) {
@@ -138,10 +110,7 @@ export const useLogin = (): UseLogin => {
     [setState]
   )
 
-  return useMemo(
-    () => [state, { loginWithEmail, loginWithPassword }],
-    [state, loginWithEmail]
-  )
+  return useMemo(() => [state, { loginWithPassword }], [state])
 }
 
 export type SessionUser = ApiUser & {
@@ -149,20 +118,33 @@ export type SessionUser = ApiUser & {
   roles: Record<string, UserWorkspaceRole>
 }
 
-export const useSession = () =>
-  useSWR<SessionUser>(`${NEXT_PUBLIC_API_URL()}/auth/session`, fetcher)
+export const useSession = ({
+  redirectToLogin,
+}: {
+  redirectToLogin: boolean
+}) => {
+  const router = useRouter()
+  const session = useSWR<SessionUser>(`${NEXT_PUBLIC_API_URL()}/auth/session`, {
+    fetcher,
+    refreshInterval: redirectToLogin ? 1000 * 30 : undefined,
+    dedupingInterval: redirectToLogin ? 1000 * 2 : undefined,
+    onError: (err: Error) => {
+      if (err instanceof AuthenticationError && redirectToLogin) {
+        const callback = encodeURIComponent(
+          `${location.pathname}${location.search}`
+        )
+        router.replace(`/auth/signin?callback=${callback}`)
+      }
+    },
+  })
+
+  return session
+}
 
 export const useSignout = () => {
   const router = useRouter()
-  return useCallback(
-    (callback?: string) => {
-      const cb = callback ?? NEXT_PUBLIC_PUBLIC_URL()
-      router.push(
-        `${NEXT_PUBLIC_API_URL()}/auth/logout?callback=${encodeURIComponent(
-          cb
-        )}`
-      )
-    },
-    [router]
-  )
+  return useCallback(() => {
+    const url = `${NEXT_PUBLIC_API_URL()}/auth/logout`
+    router.push(url)
+  }, [router])
 }
diff --git a/apps/web/src/hooks/useComments.tsx b/apps/web/src/hooks/useComments.tsx
index c4898b95..1c3adbe9 100644
--- a/apps/web/src/hooks/useComments.tsx
+++ b/apps/web/src/hooks/useComments.tsx
@@ -64,7 +64,7 @@ interface Props {
 export function CommentsProvider(props: Props) {
   const [state, setState] = useState<State>(Map())
   const socket = useWebsocket()
-  const session = useSession()
+  const session = useSession({ redirectToLogin: false })
 
   useEffect(() => {
     if (!socket) {
diff --git a/apps/web/src/hooks/useFullScreenDocument.ts b/apps/web/src/hooks/useFullScreenDocument.ts
index 7613d19c..fe6aa82b 100644
--- a/apps/web/src/hooks/useFullScreenDocument.ts
+++ b/apps/web/src/hooks/useFullScreenDocument.ts
@@ -6,10 +6,10 @@ type UseFullScreenDocument = [
   boolean,
   {
     toggle: () => void
-  },
+  }
 ]
 function useFullScreenDocument(documentId: string): UseFullScreenDocument {
-  const { data: user } = useSession()
+  const { data: user } = useSession({ redirectToLogin: true })
   const [isFullScreen, setIsFullScreen] = useLocalStorage(
     `briefer-user-${user?.id}-doc-${documentId}-fullscreen`,
     false
diff --git a/apps/web/src/hooks/useSessionRedirect.ts b/apps/web/src/hooks/useSessionRedirect.ts
deleted file mode 100644
index ea3813b3..00000000
--- a/apps/web/src/hooks/useSessionRedirect.ts
+++ /dev/null
@@ -1,56 +0,0 @@
-import { useWorkspaces } from '@/hooks/useWorkspaces'
-import { useEffect } from 'react'
-import { NextRouter, useRouter } from 'next/router'
-import { useSession, useSignout } from '@/hooks/useAuth'
-import useProperties from './useProperties'
-
-const redirectToLogin = (router: NextRouter) => {
-  const postRedirPath = router.asPath
-  const path =
-    postRedirPath === '/'
-      ? '/auth/signin'
-      : `/auth/signin?r=${encodeURIComponent(postRedirPath)}`
-
-  router.replace(path)
-}
-
-export const useSessionRedirect = (shouldRedirect = true) => {
-  const properties = useProperties()
-  const router = useRouter()
-  const session = useSession()
-  const [workspaces] = useWorkspaces()
-  const signOut = useSignout()
-
-  useEffect(() => {
-    if (
-      !shouldRedirect ||
-      session.isLoading ||
-      workspaces.isLoading ||
-      properties.isLoading ||
-      !properties.data
-    ) {
-      return
-    }
-
-    if (!session.data) {
-      if (properties.data.needsSetup) {
-        router.replace('/setup')
-      } else {
-        redirectToLogin(router)
-      }
-    } else {
-      const user = session.data
-      const workspace =
-        workspaces.data.find(
-          (workspace) => workspace.id === user.lastVisitedWorkspaceId
-        ) ??
-        workspaces.data.find((workspace) => workspace.ownerId === user.id) ??
-        workspaces.data[0]
-      if (workspace) {
-        router.replace(`/workspaces/${workspace.id}/documents`)
-      } else {
-        signOut()
-      }
-    }
-  }, [properties, workspaces, session, router, shouldRedirect, signOut])
-}
diff --git a/apps/web/src/hooks/useWebsocket.tsx b/apps/web/src/hooks/useWebsocket.tsx
index 25424e9d..3ec4ba07 100644
--- a/apps/web/src/hooks/useWebsocket.tsx
+++ b/apps/web/src/hooks/useWebsocket.tsx
@@ -12,7 +12,7 @@ interface Props {
 }
 export function WebsocketProvider({ children }: Props) {
   const [socket, setSocket] = useState<Socket | null>(null)
-  const session = useSession()
+  const session = useSession({ redirectToLogin: false })
   const workspaceId = useStringQuery('workspaceId')
   useEffect(() => {
     if (session.data?.id) {
diff --git a/apps/web/src/hooks/useWorkspaces.ts b/apps/web/src/hooks/useWorkspaces.ts
index 02d87c83..d4955a1a 100644
--- a/apps/web/src/hooks/useWorkspaces.ts
+++ b/apps/web/src/hooks/useWorkspaces.ts
@@ -2,7 +2,6 @@ import fetcher from '@/utils/fetcher'
 import type { ApiWorkspace } from '@briefer/database'
 import { useCallback, useMemo } from 'react'
 import useSWR from 'swr'
-import { useSession } from './useAuth'
 import { OnboardingStep } from '@briefer/types'
 import { WorkspaceEditFormValues } from '@briefer/types'
 import { NEXT_PUBLIC_API_URL } from '@/utils/env'
@@ -19,7 +18,6 @@ type API = {
 }
 type UseWorkspaces = [{ data: ApiWorkspace[]; isLoading: boolean }, API]
 export const useWorkspaces = (): UseWorkspaces => {
-  const session = useSession()
   const swrRes = useSWR<ApiWorkspace[]>(
     `${NEXT_PUBLIC_API_URL()}/v1/workspaces`,
     fetcher
diff --git a/apps/web/src/pages/auth/signin.tsx b/apps/web/src/pages/auth/signin.tsx
index 27bacff4..d482ec68 100644
--- a/apps/web/src/pages/auth/signin.tsx
+++ b/apps/web/src/pages/auth/signin.tsx
@@ -7,23 +7,15 @@ import {
 } from 'react'
 import clsx from 'clsx'
 import { useRouter } from 'next/router'
-import { useLogin, useSession } from '@/hooks/useAuth'
+import { useLogin } from '@/hooks/useAuth'
 import Link from 'next/link'
 import Spin from '@/components/Spin'
-import Cookies from 'js-cookie'
 import useProperties from '@/hooks/useProperties'
+import { useStringQuery } from '@/hooks/useQueryArgs'
 
 export default function SignIn() {
   const properties = useProperties()
   const router = useRouter()
-  const session = useSession()
-  const tokenExists = Cookies.get('sessionExpiry')
-
-  useEffect(() => {
-    if (session.data && tokenExists) {
-      router.replace('/')
-    }
-  }, [session])
 
   const [email, setEmail] = useState('')
   const onChangeEmail: ChangeEventHandler<HTMLInputElement> = useCallback(
@@ -41,14 +33,16 @@ export default function SignIn() {
     [setPassword]
   )
 
-  const [auth, { loginWithEmail, loginWithPassword }] = useLogin()
+  const callback = useStringQuery('callback')
+
+  const [auth, { loginWithPassword }] = useLogin()
   const onPasswordAuth: FormEventHandler<HTMLFormElement> = useCallback(
     (e) => {
       e.preventDefault()
 
-      loginWithPassword(email, password)
+      loginWithPassword(email, password, callback || undefined)
     },
-    [email, password, loginWithEmail]
+    [email, password, loginWithPassword, callback]
   )
 
   useEffect(() => {
@@ -63,12 +57,14 @@ export default function SignIn() {
     }
   }, [auth.data, router])
 
-  if (!properties.data) {
-    if (properties.isLoading) {
-      return null
-    }
+  if (properties.isLoading) {
+    return null
+  }
 
-    return <h4>Something went wrong. Please try again or contact support.</h4>
+  if (!properties.data) {
+    return (
+      <h4>Could not load properties. Please try again or contact support.</h4>
+    )
   }
 
   return (
diff --git a/apps/web/src/pages/index.tsx b/apps/web/src/pages/index.tsx
index f4dca4ca..5548dd0a 100644
--- a/apps/web/src/pages/index.tsx
+++ b/apps/web/src/pages/index.tsx
@@ -1,7 +1,38 @@
-import { useSessionRedirect } from '@/hooks/useSessionRedirect'
+import { useSession } from '@/hooks/useAuth'
+import useProperties from '@/hooks/useProperties'
+import { useRouter } from 'next/router'
+import { useEffect } from 'react'
 
 export default function Index() {
-  useSessionRedirect()
+  const session = useSession({ redirectToLogin: false })
+  const router = useRouter()
+  const properties = useProperties()
+
+  useEffect(() => {
+    if (session.isLoading || properties.isLoading) {
+      return
+    }
+
+    if (session.data) {
+      router.replace('/workspaces')
+    } else if (properties.data?.needsSetup) {
+      router.replace('/setup')
+    } else {
+      router.replace('/auth/signin')
+    }
+  }, [
+    router,
+    session.isLoading,
+    properties.isLoading,
+    session.data,
+    properties.data,
+  ])
+
+  if (!session.data && !properties.isLoading && !properties.data) {
+    return (
+      <h4>Could not load properties. Please try again or contact support.</h4>
+    )
+  }
 
   return null
 }
diff --git a/apps/web/src/pages/setup.tsx b/apps/web/src/pages/setup.tsx
index d739c295..6e624292 100644
--- a/apps/web/src/pages/setup.tsx
+++ b/apps/web/src/pages/setup.tsx
@@ -10,23 +10,25 @@ import useProperties from '@/hooks/useProperties'
 import { NEXT_PUBLIC_API_URL } from '@/utils/env'
 
 function SetupPage() {
-  const { isLoading, data: properties } = useProperties()
+  const properties = useProperties()
   const router = useRouter()
   useEffect(() => {
-    if (!isLoading && !properties) {
-      alert('Something went wrong')
+    if (properties.isLoading) {
+      return
     }
 
-    if (properties && !properties.needsSetup) {
-      router.push('/')
+    if (properties.data && !properties.data.needsSetup) {
+      router.replace('/')
     }
-  }, [properties, router])
+  }, [properties.isLoading, properties.data, router])
 
-  if (!isLoading && !properties) {
-    return <h4>Something went wrong, please try again later</h4>
+  if (!properties.isLoading && !properties.data) {
+    return (
+      <h4>Could not load properties. Please try again or contact support.</h4>
+    )
   }
 
-  if (isLoading || !properties) {
+  if (properties.isLoading || !properties.data?.needsSetup) {
     return null
   }
 
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/edit/[dataSourceId].tsx b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/edit/[dataSourceId].tsx
index 9548513e..7f8b2803 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/edit/[dataSourceId].tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/edit/[dataSourceId].tsx
@@ -30,6 +30,7 @@ import DatabricksSQLForm, {
   DatabricksSQLDataSourceInput,
 } from '@/components/forms/databrickssql'
 import ScrollBar from '@/components/ScrollBar'
+import { useSession } from '@/hooks/useAuth'
 
 export default function EditDataSourcePostgresSQLPage() {
   const router = useRouter()
@@ -90,10 +91,13 @@ export default function EditDataSourcePostgresSQLPage() {
     },
   ]
 
-  console.log(data)
+  const session = useSession({ redirectToLogin: true })
+  if (!session.data) {
+    return null
+  }
 
   return (
-    <Layout pagePath={pagePath} hideOnboarding>
+    <Layout user={session.data} pagePath={pagePath} hideOnboarding>
       <ScrollBar className="w-full overflow-auto">
         {data && data.config.type === 'psql' ? (
           <PostgreSQLForm
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/index.tsx b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/index.tsx
index f55f363e..8794fb56 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/index.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/index.tsx
@@ -21,6 +21,7 @@ import { GATEWAY_IP } from '@/utils/info'
 import { useRouter } from 'next/router'
 import SchemaExplorer from '@/components/schemaExplorer'
 import ScrollBar from '@/components/ScrollBar'
+import { useSession } from '@/hooks/useAuth'
 
 const pagePath = (workspaceId: string) => [
   { name: 'Configurations', icon: Cog8ToothIcon, href: '#', current: false },
@@ -111,8 +112,13 @@ export default function DataSourcesPage() {
     setSchemaExplorer(null)
   }, [])
 
+  const session = useSession({ redirectToLogin: true })
+  if (!session.data) {
+    return null
+  }
+
   return (
-    <Layout pagePath={pagePath(workspaceId ?? '')}>
+    <Layout user={session.data} pagePath={pagePath(workspaceId ?? '')}>
       <DataSourcesInfo showInfo={showMoreInfo} closeInfo={closeInfo} />
       <OfflineDataSourceDialog
         dataSource={offlineDataSource}
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/athena.tsx b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/athena.tsx
index 0129a79b..49ad6bbc 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/athena.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/athena.tsx
@@ -10,6 +10,7 @@ import { useCallback } from 'react'
 import { useNewDataSource } from '@/hooks/useDatasource'
 import { useStringQuery } from '@/hooks/useQueryArgs'
 import ScrollBar from '@/components/ScrollBar'
+import { useSession } from '@/hooks/useAuth'
 
 const pagePath = (workspaceId: string) => [
   { name: 'Configurations', icon: Cog8ToothIcon, href: '#', current: false },
@@ -51,8 +52,13 @@ export default function NewDataSourceAthenaPage() {
     [workspaceId]
   )
 
+  const session = useSession({ redirectToLogin: true })
+  if (!session.data) {
+    return null
+  }
+
   return (
-    <Layout pagePath={pagePath(workspaceId)} hideOnboarding>
+    <Layout pagePath={pagePath(workspaceId)} hideOnboarding user={session.data}>
       <ScrollBar className="w-full overflow-auto">
         <AthenaForm workspaceId={workspaceId} onSubmit={onSubmit} />
       </ScrollBar>
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/bigquery.tsx b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/bigquery.tsx
index 64df70dc..53b70a94 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/bigquery.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/bigquery.tsx
@@ -12,6 +12,7 @@ import { useCallback } from 'react'
 import { useNewDataSource } from '@/hooks/useDatasource'
 import { useStringQuery } from '@/hooks/useQueryArgs'
 import ScrollBar from '@/components/ScrollBar'
+import { useSession } from '@/hooks/useAuth'
 
 const pagePath = (workspaceId: string) => [
   { name: 'Configurations', icon: Cog8ToothIcon, href: '#', current: false },
@@ -53,8 +54,13 @@ export default function NewDataSourcePostgresSQLPage() {
     [workspaceId]
   )
 
+  const session = useSession({ redirectToLogin: true })
+  if (!session.data) {
+    return null
+  }
+
   return (
-    <Layout pagePath={pagePath(workspaceId)} hideOnboarding>
+    <Layout pagePath={pagePath(workspaceId)} hideOnboarding user={session.data}>
       <ScrollBar className="w-full overflow-auto">
         <BigQueryForm workspaceId={workspaceId} onSubmit={onSubmit} />
       </ScrollBar>
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/databrickssql.tsx b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/databrickssql.tsx
index 5bc7e963..71d5137b 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/databrickssql.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/databrickssql.tsx
@@ -12,6 +12,7 @@ import { useCallback } from 'react'
 import { useNewDataSource } from '@/hooks/useDatasource'
 import { useStringQuery } from '@/hooks/useQueryArgs'
 import ScrollBar from '@/components/ScrollBar'
+import { useSession } from '@/hooks/useAuth'
 
 const pagePath = (workspaceId: string) => [
   { name: 'Configurations', icon: Cog8ToothIcon, href: '#', current: false },
@@ -53,8 +54,13 @@ export default function NewDataSourceDatabricksSQLPage() {
     [workspaceId]
   )
 
+  const session = useSession({ redirectToLogin: true })
+  if (!session.data) {
+    return null
+  }
+
   return (
-    <Layout pagePath={pagePath(workspaceId)} hideOnboarding>
+    <Layout pagePath={pagePath(workspaceId)} hideOnboarding user={session.data}>
       <ScrollBar className="w-full overflow-auto">
         <DatabricksSQLForm workspaceId={workspaceId} onSubmit={onSubmit} />
       </ScrollBar>
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/index.tsx b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/index.tsx
index 9841a1f0..39314560 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/index.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/index.tsx
@@ -48,10 +48,14 @@ export default function DataSourcesPage() {
   const onToggleFiles = useCallback(() => {
     setFilesOpen((prev) => !prev)
   }, [])
-  const session = useSession()
+
+  const session = useSession({ redirectToLogin: true })
+  if (!session.data) {
+    return null
+  }
 
   return (
-    <Layout pagePath={pagePath(workspaceId)}>
+    <Layout pagePath={pagePath(workspaceId)} user={session.data}>
       <div className="bg-white w-full h-full">
         <div className="px-4 sm:p-6 lg:p-8">
           <div className="border-b border-gray-200 pb-4 sm:flex sm:items-center sm:justify-between">
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/mysql.tsx b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/mysql.tsx
index 5d9eedb6..cfaa91c7 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/mysql.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/mysql.tsx
@@ -10,6 +10,7 @@ import { useCallback } from 'react'
 import { useNewDataSource } from '@/hooks/useDatasource'
 import { useStringQuery } from '@/hooks/useQueryArgs'
 import ScrollBar from '@/components/ScrollBar'
+import { useSession } from '@/hooks/useAuth'
 
 const pagePath = (workspaceId: string) => [
   { name: 'Configurations', icon: Cog8ToothIcon, href: '#', current: false },
@@ -51,8 +52,13 @@ export default function NewDataSourceMySQLPage() {
     [workspaceId]
   )
 
+  const session = useSession({ redirectToLogin: true })
+  if (!session.data) {
+    return null
+  }
+
   return (
-    <Layout pagePath={pagePath(workspaceId)} hideOnboarding>
+    <Layout pagePath={pagePath(workspaceId)} hideOnboarding user={session.data}>
       <ScrollBar className="w-full overflow-auto">
         <MySQLForm workspaceId={workspaceId} onSubmit={onSubmit} />
       </ScrollBar>
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/oracle.tsx b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/oracle.tsx
index bc8031bd..20fceb57 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/oracle.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/oracle.tsx
@@ -10,6 +10,7 @@ import { useCallback } from 'react'
 import { useNewDataSource } from '@/hooks/useDatasource'
 import { useStringQuery } from '@/hooks/useQueryArgs'
 import ScrollBar from '@/components/ScrollBar'
+import { useSession } from '@/hooks/useAuth'
 
 const pagePath = (workspaceId: string) => [
   { name: 'Configurations', icon: Cog8ToothIcon, href: '#', current: false },
@@ -51,8 +52,13 @@ export default function NewDataSourcePostgresSQLPage() {
     [workspaceId]
   )
 
+  const session = useSession({ redirectToLogin: true })
+  if (!session.data) {
+    return null
+  }
+
   return (
-    <Layout pagePath={pagePath(workspaceId)} hideOnboarding>
+    <Layout pagePath={pagePath(workspaceId)} hideOnboarding user={session.data}>
       <ScrollBar className="w-full overflow-auto">
         <OracleForm workspaceId={workspaceId} onSubmit={onSubmit} />
       </ScrollBar>
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/postgresql.tsx b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/postgresql.tsx
index 580ea63d..8af39ee4 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/postgresql.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/postgresql.tsx
@@ -12,6 +12,7 @@ import { useCallback } from 'react'
 import { useNewDataSource } from '@/hooks/useDatasource'
 import { useStringQuery } from '@/hooks/useQueryArgs'
 import ScrollBar from '@/components/ScrollBar'
+import { useSession } from '@/hooks/useAuth'
 
 const pagePath = (workspaceId: string) => [
   { name: 'Configurations', icon: Cog8ToothIcon, href: '#', current: false },
@@ -53,8 +54,13 @@ export default function NewDataSourcePostgresSQLPage() {
     [workspaceId]
   )
 
+  const session = useSession({ redirectToLogin: true })
+  if (!session.data) {
+    return null
+  }
+
   return (
-    <Layout pagePath={pagePath(workspaceId)} hideOnboarding>
+    <Layout pagePath={pagePath(workspaceId)} hideOnboarding user={session.data}>
       <ScrollBar className="w-full overflow-auto">
         <PostgreSQLForm workspaceId={workspaceId} onSubmit={onSubmit} />
       </ScrollBar>
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/redshift.tsx b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/redshift.tsx
index c102df18..2fd5b8cb 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/redshift.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/redshift.tsx
@@ -12,6 +12,7 @@ import { useCallback } from 'react'
 import { useNewDataSource } from '@/hooks/useDatasource'
 import { useStringQuery } from '@/hooks/useQueryArgs'
 import ScrollBar from '@/components/ScrollBar'
+import { useSession } from '@/hooks/useAuth'
 
 const pagePath = (workspaceId: string) => [
   { name: 'Configurations', icon: Cog8ToothIcon, href: '#', current: false },
@@ -53,8 +54,13 @@ export default function NewDataSourceRedshiftPage() {
     [workspaceId]
   )
 
+  const session = useSession({ redirectToLogin: true })
+  if (!session.data) {
+    return null
+  }
+
   return (
-    <Layout pagePath={pagePath(workspaceId)} hideOnboarding>
+    <Layout pagePath={pagePath(workspaceId)} hideOnboarding user={session.data}>
       <ScrollBar className="w-full overflow-auto">
         <RedshiftForm workspaceId={workspaceId} onSubmit={onSubmit} />
       </ScrollBar>
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/snowflake.tsx b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/snowflake.tsx
index 2b378fbf..fe9f85c4 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/snowflake.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/snowflake.tsx
@@ -12,6 +12,7 @@ import { useCallback } from 'react'
 import { useNewDataSource } from '@/hooks/useDatasource'
 import { useStringQuery } from '@/hooks/useQueryArgs'
 import ScrollBar from '@/components/ScrollBar'
+import { useSession } from '@/hooks/useAuth'
 
 const pagePath = (workspaceId: string) => [
   { name: 'Configurations', icon: Cog8ToothIcon, href: '#', current: false },
@@ -53,8 +54,13 @@ export default function NewDataSourceSnowflakePage() {
     [workspaceId]
   )
 
+  const session = useSession({ redirectToLogin: true })
+  if (!session.data) {
+    return null
+  }
+
   return (
-    <Layout pagePath={pagePath(workspaceId)} hideOnboarding>
+    <Layout pagePath={pagePath(workspaceId)} hideOnboarding user={session.data}>
       <ScrollBar className="w-full overflow-auto">
         <SnowflakeForm workspaceId={workspaceId} onSubmit={onSubmit} />
       </ScrollBar>
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/sqlserver.tsx b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/sqlserver.tsx
index 38eac66c..753adc79 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/sqlserver.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/sqlserver.tsx
@@ -12,6 +12,7 @@ import SQLServerForm, {
   SQLServerDataSourceInput,
 } from '@/components/forms/sqlserver'
 import ScrollBar from '@/components/ScrollBar'
+import { useSession } from '@/hooks/useAuth'
 
 const pagePath = (workspaceId: string) => [
   { name: 'Configurations', icon: Cog8ToothIcon, href: '#', current: false },
@@ -53,8 +54,13 @@ export default function NewDataSourceSQLServerPage() {
     [workspaceId]
   )
 
+  const session = useSession({ redirectToLogin: true })
+  if (!session.data) {
+    return null
+  }
+
   return (
-    <Layout pagePath={pagePath(workspaceId)} hideOnboarding>
+    <Layout pagePath={pagePath(workspaceId)} hideOnboarding user={session.data}>
       <ScrollBar className="w-full overflow-auto">
         <SQLServerForm workspaceId={workspaceId} onSubmit={onSubmit} />
       </ScrollBar>
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/trino.tsx b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/trino.tsx
index cc5addbc..dd6c628c 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/trino.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/data-sources/new/trino.tsx
@@ -10,6 +10,7 @@ import { useCallback } from 'react'
 import { useNewDataSource } from '@/hooks/useDatasource'
 import { useStringQuery } from '@/hooks/useQueryArgs'
 import ScrollBar from '@/components/ScrollBar'
+import { useSession } from '@/hooks/useAuth'
 
 const pagePath = (workspaceId: string) => [
   { name: 'Configurations', icon: Cog8ToothIcon, href: '#', current: false },
@@ -51,8 +52,13 @@ export default function NewDataSourceTrinoPage() {
     [workspaceId]
   )
 
+  const session = useSession({ redirectToLogin: true })
+  if (!session.data) {
+    return null
+  }
+
   return (
-    <Layout pagePath={pagePath(workspaceId)} hideOnboarding>
+    <Layout pagePath={pagePath(workspaceId)} hideOnboarding user={session.data}>
       <ScrollBar className="w-full overflow-auto">
         <TrinoForm workspaceId={workspaceId} onSubmit={onSubmit} />
       </ScrollBar>
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/documents/[documentId]/dashboard/edit.tsx b/apps/web/src/pages/workspaces/[workspaceId]/documents/[documentId]/dashboard/edit.tsx
index 7efd7fb4..f0f41709 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/documents/[documentId]/dashboard/edit.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/documents/[documentId]/dashboard/edit.tsx
@@ -1,5 +1,3 @@
-import DashboardSkeleton from '@/components/Dashboard/DashboardSkeleton'
-import Layout from '@/components/Layout'
 import { useSession } from '@/hooks/useAuth'
 import useDocument from '@/hooks/useDocument'
 import { useStringQuery } from '@/hooks/useQueryArgs'
@@ -24,17 +22,14 @@ export default function EditDashboardPage() {
     }
   }, [initialSidebarOpen])
 
-  const session = useSession()
+  const session = useSession({ redirectToLogin: true })
   const workspaceId = useStringQuery('workspaceId')
   const documentId = useStringQuery('documentId')
   const [{ document, loading: documentLoading }] = useDocument(
     workspaceId,
     documentId
   )
-  const [{ publishing }, { publish}] = useDocument(
-    workspaceId,
-    documentId
-  )
+  const [{ publishing }, { publish }] = useDocument(workspaceId, documentId)
 
   const loading = session.isLoading || documentLoading
   const user = session.data
@@ -59,11 +54,7 @@ export default function EditDashboardPage() {
   }, [document, workspaceId, role, loading])
 
   if (!document || !user || !role || role === 'viewer') {
-    return (
-      <Layout>
-        <DashboardSkeleton />
-      </Layout>
-    )
+    return null
   }
 
   return (
@@ -75,7 +66,7 @@ export default function EditDashboardPage() {
       <Dashboard
         document={document}
         role={role}
-        userId={user.id}
+        user={user}
         isEditing={true}
         publish={publish}
         publishing={publishing}
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/documents/[documentId]/dashboard/index.tsx b/apps/web/src/pages/workspaces/[workspaceId]/documents/[documentId]/dashboard/index.tsx
index cd3ae137..c31bab87 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/documents/[documentId]/dashboard/index.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/documents/[documentId]/dashboard/index.tsx
@@ -1,5 +1,3 @@
-import DashboardSkeleton from '@/components/Dashboard/DashboardSkeleton'
-import Layout from '@/components/Layout'
 import { useSession } from '@/hooks/useAuth'
 import useDocument from '@/hooks/useDocument'
 import { useStringQuery } from '@/hooks/useQueryArgs'
@@ -13,18 +11,18 @@ const Dashboard = dynamic(() => import('@/components/Dashboard'), {
 })
 
 export default function DashboardPage() {
-  const session = useSession()
+  const session = useSession({ redirectToLogin: true })
   const workspaceId = useStringQuery('workspaceId')
   const documentId = useStringQuery('documentId')
+  const router = useRouter()
   const [{ document, loading: loadingDocument }] = useDocument(
     workspaceId,
     documentId
   )
 
   const loading = session.isLoading || loadingDocument
-
-  const router = useRouter()
   const role = session.data?.roles[workspaceId]
+
   useEffect(() => {
     if (loading) {
       return
@@ -45,14 +43,10 @@ export default function DashboardPage() {
         )
       }
     }
-  }, [document, workspaceId, role, loading])
+  }, [loading, document, role, router, workspaceId, documentId])
 
-  if (!document || !session.data || !role || !document.publishedAt) {
-    return (
-      <Layout>
-        <DashboardSkeleton />
-      </Layout>
-    )
+  if (!document || !role || !session.data) {
+    return null
   }
 
   return (
@@ -64,7 +58,7 @@ export default function DashboardPage() {
       <Dashboard
         document={document}
         role={role}
-        userId={session.data.id}
+        user={session.data}
         isEditing={false}
         publish={() => Promise.resolve()}
         publishing={false}
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/documents/[documentId]/index.tsx b/apps/web/src/pages/workspaces/[workspaceId]/documents/[documentId]/index.tsx
index 5b445483..6c4d154a 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/documents/[documentId]/index.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/documents/[documentId]/index.tsx
@@ -4,16 +4,9 @@ import useDocument from '@/hooks/useDocument'
 import { useEffect } from 'react'
 import { useRouter } from 'next/router'
 import { UserWorkspaceRole } from '@briefer/database'
-import {
-  ContentSkeleton,
-  TitleSkeleton,
-} from '@/components/v2Editor/ContentSkeleton'
-import Layout from '@/components/Layout'
-import clsx from 'clsx'
-import { widthClasses } from '@/components/v2Editor/constants'
 
 export default function DocumentPage() {
-  const session = useSession()
+  const session = useSession({ redirectToLogin: true })
   const workspaceId = useStringQuery('workspaceId')
   const documentId = useStringQuery('documentId')
   const role = session.data?.roles[workspaceId]
@@ -21,23 +14,11 @@ export default function DocumentPage() {
 
   useEffect(() => {
     if (!role && !session.isLoading) {
-      router.replace(`/workspaces/${workspaceId}/documents`)
+      // this user does not belong to this workspace
+      router.replace('/')
     }
   }, [role, session.isLoading, workspaceId, router])
 
-  if (!session.data && session.isLoading && !session.error) {
-    return (
-      <Layout>
-        <div className="w-full flex justify-center">
-          <div className={clsx(widthClasses, 'py-20')}>
-            <TitleSkeleton visible />
-            <ContentSkeleton visible />
-          </div>
-        </div>
-      </Layout>
-    )
-  }
-
   if (session.data && role) {
     return (
       <PrivateDocumentPage
@@ -90,16 +71,7 @@ function PrivateDocumentPage(props: PrivateDocumentPageProps) {
         `/workspaces/${props.workspaceId}/documents/${props.documentId}/notebook`
       )
     }
-  }, [document, loading, props.user])
+  }, [document, loading, props.workspaceId, props.documentId, props.user])
 
-  return (
-    <Layout>
-      <div className="w-full flex justify-center">
-        <div className={clsx(widthClasses, 'py-20')}>
-          <TitleSkeleton visible />
-          <ContentSkeleton visible />
-        </div>
-      </div>
-    </Layout>
-  )
+  return null
 }
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/documents/[documentId]/notebook/edit.tsx b/apps/web/src/pages/workspaces/[workspaceId]/documents/[documentId]/notebook/edit.tsx
index e11cdef7..6723e38f 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/documents/[documentId]/notebook/edit.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/documents/[documentId]/notebook/edit.tsx
@@ -5,38 +5,14 @@ import useDocument from '@/hooks/useDocument'
 import { useEffect } from 'react'
 import { useRouter } from 'next/router'
 import Head from 'next/head'
-import Layout from '@/components/Layout'
-import {
-  ContentSkeleton,
-  TitleSkeleton,
-} from '@/components/v2Editor/ContentSkeleton'
-import clsx from 'clsx'
-import { widthClasses } from '@/components/v2Editor/constants'
 
 export default function EditNotebookPage() {
-  const session = useSession()
+  const session = useSession({ redirectToLogin: true })
   const workspaceId = useStringQuery('workspaceId')
   const documentId = useStringQuery('documentId')
-  const router = useRouter()
-
-  useEffect(() => {
-    const role = session.data?.roles[workspaceId]
-    if (!role && !session.isLoading) {
-      router.replace(`/workspaces/${workspaceId}/documents/${documentId}`)
-    }
-  }, [session.data, workspaceId, documentId])
 
-  if (!session.data || !session.data.roles[workspaceId]) {
-    return (
-      <Layout>
-        <div className="w-full flex justify-center">
-          <div className={clsx(widthClasses, 'py-20')}>
-            <TitleSkeleton visible />
-            <ContentSkeleton visible />
-          </div>
-        </div>
-      </Layout>
-    )
+  if (!session.data) {
+    return null
   }
 
   return (
@@ -70,17 +46,8 @@ function EditNotebook(props: Props) {
     }
   }, [document, loading, props.user])
 
-  if (loading || !document) {
-    return (
-      <Layout>
-        <div className="w-full flex justify-center">
-          <div className={clsx(widthClasses, 'py-20')}>
-            <TitleSkeleton visible />
-            <ContentSkeleton visible />
-          </div>
-        </div>
-      </Layout>
-    )
+  if (!document) {
+    return null
   }
 
   return (
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/documents/[documentId]/notebook/index.tsx b/apps/web/src/pages/workspaces/[workspaceId]/documents/[documentId]/notebook/index.tsx
index 5eace93c..170a3648 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/documents/[documentId]/notebook/index.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/documents/[documentId]/notebook/index.tsx
@@ -5,33 +5,13 @@ import useDocument from '@/hooks/useDocument'
 import { useEffect } from 'react'
 import { useRouter } from 'next/router'
 import Head from 'next/head'
-import Layout from '@/components/Layout'
-import clsx from 'clsx'
-import { widthClasses } from '@/components/v2Editor/constants'
-import {
-  ContentSkeleton,
-  TitleSkeleton,
-} from '@/components/v2Editor/ContentSkeleton'
 
 export default function NotebookPage() {
-  const session = useSession()
+  const session = useSession({ redirectToLogin: true })
   const workspaceId = useStringQuery('workspaceId')
   const documentId = useStringQuery('documentId')
 
-  if (!session.data && session.isLoading && !session.error) {
-    return (
-      <Layout>
-        <div className="w-full flex justify-center">
-          <div className={clsx(widthClasses, 'py-20')}>
-            <TitleSkeleton visible />
-            <ContentSkeleton visible />
-          </div>
-        </div>
-      </Layout>
-    )
-  }
-
-  if (session.data && session.data.roles[workspaceId]) {
+  if (session.data) {
     return (
       <Notebook
         workspaceId={workspaceId}
@@ -74,16 +54,7 @@ function Notebook(props: Props) {
   }, [document, loading, props.user])
 
   if (loading || !document || document.publishedAt === null) {
-    return (
-      <Layout>
-        <div className="w-full flex justify-center">
-          <div className={clsx(widthClasses, 'py-20')}>
-            <TitleSkeleton visible />
-            <ContentSkeleton visible />
-          </div>
-        </div>
-      </Layout>
-    )
+    return null
   }
 
   return (
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/documents/index.tsx b/apps/web/src/pages/workspaces/[workspaceId]/documents/index.tsx
index 212a0c56..5e23f857 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/documents/index.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/documents/index.tsx
@@ -1,19 +1,12 @@
-import Layout from '@/components/Layout'
-import {
-  ContentSkeleton,
-  TitleSkeleton,
-} from '@/components/v2Editor/ContentSkeleton'
-import { widthClasses } from '@/components/v2Editor/constants'
 import { useDocuments } from '@/hooks/useDocuments'
 import { useStringQuery } from '@/hooks/useQueryArgs'
-import clsx from 'clsx'
 import { useRouter } from 'next/router'
 import { useEffect, useMemo } from 'react'
 
 export default function DocumentsPage() {
   const router = useRouter()
   const workspaceId = useStringQuery('workspaceId')
-  const [state, { createDocument }] = useDocuments(workspaceId)
+  const [state] = useDocuments(workspaceId)
 
   const documents = useMemo(
     () =>
@@ -28,22 +21,7 @@ export default function DocumentsPage() {
     if (!state.loading && first) {
       router.replace(`/workspaces/${workspaceId}/documents/${first.id}`)
     }
-  }, [documents, workspaceId])
+  }, [state.loading, documents, workspaceId])
 
-  useEffect(() => {
-    if (!state.loading && documents.size === 0) {
-      createDocument({ version: 2 })
-    }
-  }, [documents, state.loading, createDocument, workspaceId])
-
-  return (
-    <Layout>
-      <div className="w-full flex justify-center">
-        <div className={clsx(widthClasses, 'w-full py-20')}>
-          <TitleSkeleton visible />
-          <ContentSkeleton visible />
-        </div>
-      </div>
-    </Layout>
-  )
+  return null
 }
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/environments/current/index.tsx b/apps/web/src/pages/workspaces/[workspaceId]/environments/current/index.tsx
index b4364037..b6c71fd0 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/environments/current/index.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/environments/current/index.tsx
@@ -11,6 +11,7 @@ import Layout from '@/components/Layout'
 import { useStringQuery } from '@/hooks/useQueryArgs'
 import clsx from 'clsx'
 import ScrollBar from '@/components/ScrollBar'
+import { useSession } from '@/hooks/useAuth'
 
 const pagePath = (workspaceId: string) => [
   { name: 'Configurations', icon: Cog8ToothIcon, href: '#', current: false },
@@ -29,10 +30,15 @@ const pagePath = (workspaceId: string) => [
 ]
 
 export default function CurrentEnvironmentPage() {
+  const session = useSession({ redirectToLogin: true })
   const workspaceId = useStringQuery('workspaceId')
 
+  if (!session.data) {
+    return null
+  }
+
   return (
-    <Layout pagePath={pagePath(workspaceId ?? '')}>
+    <Layout pagePath={pagePath(workspaceId ?? '')} user={session.data}>
       <ScrollBar className="w-full bg-white h-full overflow-auto">
         <div className="px-4 sm:p-6 lg:p-8">
           <div className="border-b border-gray-200 pb-4 flex items-center justify-between">
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/environments/current/variables.tsx b/apps/web/src/pages/workspaces/[workspaceId]/environments/current/variables.tsx
index faf7c164..de6f9732 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/environments/current/variables.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/environments/current/variables.tsx
@@ -62,7 +62,7 @@ function errorToMessage(error: ErrorType): string {
 }
 
 export default function EnvirontVariablesPage() {
-  const session = useSession()
+  const session = useSession({ redirectToLogin: true })
   const router = useRouter()
   const workspaceId = useStringQuery('workspaceId')
   const [saving, setSaving] = useState(false)
@@ -162,8 +162,12 @@ export default function EnvirontVariablesPage() {
     setFilesOpen((prev) => !prev)
   }, [])
 
+  if (!session.data) {
+    return null
+  }
+
   return (
-    <Layout pagePath={pagePath(workspaceId)}>
+    <Layout pagePath={pagePath(workspaceId)} user={session.data}>
       <div className="flex flex-col flex-grow h-full">
         <ScrollBar className="w-full bg-white h-full overflow-auto">
           <div className="px-4 sm:p-6 lg:p-8">
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/environments/index.tsx b/apps/web/src/pages/workspaces/[workspaceId]/environments/index.tsx
index 4e455648..7580393c 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/environments/index.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/environments/index.tsx
@@ -1,19 +1,7 @@
-import { CpuChipIcon, Cog8ToothIcon } from '@heroicons/react/24/outline'
-import React, { useEffect } from 'react'
+import { useEffect } from 'react'
 
 import { useStringQuery } from '@/hooks/useQueryArgs'
 import { useRouter } from 'next/router'
-import Layout from '@/components/Layout'
-
-const pagePath = (workspaceId: string) => [
-  { name: 'Configurations', icon: Cog8ToothIcon, href: '#', current: false },
-  {
-    name: 'Environments',
-    icon: CpuChipIcon,
-    href: `/workspaces/${workspaceId}/environments`,
-    current: true,
-  },
-]
 
 export default function EnvironmentsPage() {
   const router = useRouter()
@@ -23,25 +11,5 @@ export default function EnvironmentsPage() {
     router.push(`/workspaces/${workspaceId}/environments/current`)
   }, [workspaceId, router])
 
-  return (
-    <Layout pagePath={pagePath(workspaceId ?? '')}>
-      <EnvironmentsPlaceholder />
-    </Layout>
-  )
-}
-
-function EnvironmentsPlaceholder() {
-  return (
-    <div className="py-6">
-      <div className="text-center py-12 bg-ceramic-50/60 rounded-xl">
-        <CpuChipIcon className="h-12 w-12 text-gray-400 mx-auto" />
-        <h3 className="mt-2 text-sm font-semibold text-gray-900">
-          Configurable environments are not available yet.
-        </h3>
-        <p className="mt-1 text-sm text-gray-500">
-          We&apos;ll notify you when configurable environments are available.
-        </p>
-      </div>
-    </div>
-  )
+  return null
 }
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/integrations/index.tsx b/apps/web/src/pages/workspaces/[workspaceId]/integrations/index.tsx
index d6bc2cdf..5c82a697 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/integrations/index.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/integrations/index.tsx
@@ -5,6 +5,7 @@ import { PuzzlePieceIcon, Cog8ToothIcon } from '@heroicons/react/24/outline'
 import { useStringQuery } from '@/hooks/useQueryArgs'
 import IntegrationsList from '@/components/IntegrationsList'
 import Link from 'next/link'
+import { useSession } from '@/hooks/useAuth'
 
 const pagePath = (workspaceId: string) => [
   { name: 'Configurations', icon: Cog8ToothIcon, href: '#', current: false },
@@ -17,10 +18,16 @@ const pagePath = (workspaceId: string) => [
 ]
 
 export default function IntegrationsPage() {
+  const session = useSession({ redirectToLogin: true })
+
   const workspaceId = useStringQuery('workspaceId')
 
+  if (!session.data) {
+    return null
+  }
+
   return (
-    <Layout pagePath={pagePath(useStringQuery('workspaceId') ?? '')}>
+    <Layout pagePath={pagePath(workspaceId)} user={session.data}>
       <div className="bg-white w-full h-full">
         <div className="px-4 sm:p-6 lg:p-8">
           <div className="border-b border-gray-200 pb-4 sm:flex sm:items-center sm:justify-between">
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/integrations/new/index.tsx b/apps/web/src/pages/workspaces/[workspaceId]/integrations/new/index.tsx
index bfdc094c..61cbb5ed 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/integrations/new/index.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/integrations/new/index.tsx
@@ -6,6 +6,7 @@ import { useStringQuery } from '@/hooks/useQueryArgs'
 import { ChevronRightIcon } from '@heroicons/react/20/solid'
 import { Tooltip } from '@/components/Tooltips'
 import clsx from 'clsx'
+import { useSession } from '@/hooks/useAuth'
 
 const pagePath = (workspaceId: string) => [
   { name: 'Configurations', icon: Cog8ToothIcon, href: '#', current: false },
@@ -74,10 +75,15 @@ function IntegrationBlock(props: IntegrationBlockProps) {
 }
 
 export default function IntegrationsNewPage() {
+  const session = useSession({ redirectToLogin: true })
   const workspaceId = useStringQuery('workspaceId') ?? ''
 
+  if (!session.data) {
+    return null
+  }
+
   return (
-    <Layout pagePath={pagePath(workspaceId)}>
+    <Layout pagePath={pagePath(workspaceId)} user={session.data}>
       <div className="bg-white w-full h-full">
         <div className="px-4 sm:p-6 lg:p-8">
           <div className="border-b border-gray-200 pb-4 sm:flex sm:items-center sm:justify-between">
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/profile.tsx b/apps/web/src/pages/workspaces/[workspaceId]/profile.tsx
index 9e9bdfcf..ecef3388 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/profile.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/profile.tsx
@@ -3,10 +3,9 @@ import { XMarkIcon } from '@heroicons/react/20/solid'
 import Layout from '@/components/Layout'
 import Spin from '@/components/Spin'
 import FormError from '@/components/forms/formError'
-import { useSession } from '@/hooks/useAuth'
+import { SessionUser, useSession } from '@/hooks/useAuth'
 import { useStringQuery } from '@/hooks/useQueryArgs'
 import { useUsers } from '@/hooks/useUsers'
-import { ApiUser } from '@briefer/database'
 import { UserIcon, CheckCircleIcon } from '@heroicons/react/24/outline'
 import Link from 'next/link'
 import { useCallback, useState } from 'react'
@@ -23,7 +22,7 @@ type FormValues = {
 
 function ProfilePage() {
   const workspaceId = useStringQuery('workspaceId')
-  const session = useSession()
+  const session = useSession({ redirectToLogin: true })
 
   const onSuccess = useCallback(() => {
     session.mutate()
@@ -44,7 +43,7 @@ function ProfilePage() {
 
 interface Props {
   workspaceId: string
-  user: ApiUser
+  user: SessionUser
   onSuccess: () => void
 }
 function Profile(props: Props) {
@@ -104,7 +103,7 @@ function Profile(props: Props) {
   )
 
   return (
-    <Layout pagePath={pagePath}>
+    <Layout pagePath={pagePath} user={props.user}>
       <div className="w-full flex justify-center">
         <div className="w-full scrollable-div">
           <form
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/settings/index.tsx b/apps/web/src/pages/workspaces/[workspaceId]/settings/index.tsx
index 697a859c..284fe658 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/settings/index.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/settings/index.tsx
@@ -40,7 +40,7 @@ export function getDomain(email: string): string {
 
 export default function SettingsPage() {
   const workspaceId = useStringQuery('workspaceId')
-  const session = useSession()
+  const session = useSession({ redirectToLogin: true })
   const properties = useProperties()
 
   const [state, setState] = useState({
@@ -65,8 +65,12 @@ export default function SettingsPage() {
 
   const domain = getDomain(owner?.email ?? '')
 
+  if (!session.data) {
+    return null
+  }
+
   return (
-    <Layout pagePath={pagePath(workspaceId ?? '')}>
+    <Layout pagePath={pagePath(workspaceId ?? '')} user={session.data}>
       <div className="w-full bg-white h-full">
         <div className="px-4 sm:p-6 lg:p-8">
           <div className="border-b border-gray-200 pb-4 sm:flex sm:items-center sm:justify-between">
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/trash/index.tsx b/apps/web/src/pages/workspaces/[workspaceId]/trash/index.tsx
index 44574d9c..77f1e367 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/trash/index.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/trash/index.tsx
@@ -11,6 +11,7 @@ import { useStringQuery } from '@/hooks/useQueryArgs'
 import { useDocuments } from '@/hooks/useDocuments'
 import { ApiDeletedDocument } from '@briefer/database'
 import ScrollBar from '@/components/ScrollBar'
+import { useSession } from '@/hooks/useAuth'
 
 const pagePath = (workspaceId: string) => [
   { name: 'Configurations', icon: Cog8ToothIcon, href: '#', current: false },
@@ -49,8 +50,13 @@ export default function TrashPage() {
     [restoreDocument]
   )
 
+  const session = useSession({ redirectToLogin: true })
+  if (!session.data) {
+    return null
+  }
+
   return (
-    <Layout pagePath={pagePath(workspaceId ?? '')}>
+    <Layout pagePath={pagePath(workspaceId ?? '')} user={session.data}>
       <ScrollBar className="w-full bg-white h-full overflow-auto">
         <div className="px-4 sm:p-6 lg:p-8">
           <div className="border-b border-gray-200 pb-4 sm:flex sm:items-center sm:justify-between">
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/users/index.tsx b/apps/web/src/pages/workspaces/[workspaceId]/users/index.tsx
index fc2f122c..ee64095b 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/users/index.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/users/index.tsx
@@ -1,6 +1,5 @@
 import { UserPlusIcon } from '@heroicons/react/20/solid'
 import { UsersIcon, Cog8ToothIcon } from '@heroicons/react/24/outline'
-import Link from 'next/link'
 import React, { useCallback, useState } from 'react'
 
 import UsersList from '@/components/UsersList'
@@ -27,7 +26,7 @@ const pagePath = (workspaceId: string) => [
 
 export default function UsersPage() {
   const workspaceId = useStringQuery('workspaceId')
-  const session = useSession()
+  const session = useSession({ redirectToLogin: true })
   const router = useRouter()
 
   const isAdmin = session.data?.roles[workspaceId] === 'admin'
@@ -66,8 +65,12 @@ export default function UsersPage() {
     setNewPassword(null)
   }, [])
 
+  if (!session.data) {
+    return null
+  }
+
   return (
-    <Layout pagePath={pagePath(workspaceId ?? '')}>
+    <Layout pagePath={pagePath(workspaceId ?? '')} user={session.data}>
       <ScrollBar className="w-full bg-white h-full overflow-auto">
         <div className="px-4 sm:p-6 lg:p-8">
           <div className="border-b border-gray-200 pb-4 sm:flex sm:items-center sm:justify-between">
diff --git a/apps/web/src/pages/workspaces/[workspaceId]/users/new.tsx b/apps/web/src/pages/workspaces/[workspaceId]/users/new.tsx
index 93920554..9554e4a9 100644
--- a/apps/web/src/pages/workspaces/[workspaceId]/users/new.tsx
+++ b/apps/web/src/pages/workspaces/[workspaceId]/users/new.tsx
@@ -19,6 +19,7 @@ import { PortalTooltip } from '@/components/Tooltips'
 import useResettableState from '@/hooks/useResettableState'
 import { UserRoundCheck } from 'lucide-react'
 import ScrollBar from '@/components/ScrollBar'
+import { useSession } from '@/hooks/useAuth'
 
 const pagePath = (workspaceId: string) => [
   { name: 'Configurations', icon: Cog8ToothIcon, href: '#', current: false },
@@ -66,8 +67,13 @@ export default function NewUserPage() {
     setUser(null)
   }, [router, workspaceId])
 
+  const session = useSession({ redirectToLogin: true })
+  if (!session.data) {
+    return null
+  }
+
   return (
-    <Layout pagePath={pagePath(workspaceId)}>
+    <Layout pagePath={pagePath(workspaceId)} user={session.data}>
       <ScrollBar className="w-full overflow-auto">
         <UserForm workspaceId={workspaceId} onSubmit={onSubmit} />
       </ScrollBar>
diff --git a/apps/web/src/pages/workspaces/index.tsx b/apps/web/src/pages/workspaces/index.tsx
index 5224d370..b21a04d5 100644
--- a/apps/web/src/pages/workspaces/index.tsx
+++ b/apps/web/src/pages/workspaces/index.tsx
@@ -1,31 +1,58 @@
-import { useSession, useSignout } from '@/hooks/useAuth'
+import { useSession } from '@/hooks/useAuth'
 import { useWorkspaces } from '@/hooks/useWorkspaces'
 import { useRouter } from 'next/router'
-import { useEffect } from 'react'
+import { useEffect, useMemo } from 'react'
+
+export function getUserRedirectWorkspace(
+  workspaces: { id: string; ownerId: string }[],
+  user: { id: string; lastVisitedWorkspaceId: string | null }
+) {
+  return (
+    workspaces.find(
+      (workspace) => workspace.id === user.lastVisitedWorkspaceId
+    ) ??
+    workspaces.find((workspace) => workspace.ownerId === user.id) ??
+    workspaces[0]
+  )
+}
 
 export default function WorkspacesPage() {
   const router = useRouter()
-  const [{ isLoading, data }] = useWorkspaces()
-  const signOut = useSignout()
-  const session = useSession()
+  const [workspaces] = useWorkspaces()
+  const session = useSession({ redirectToLogin: true })
+
+  const workspaceId = useMemo(() => {
+    if (
+      !workspaces.isLoading &&
+      !session.isLoading &&
+      workspaces.data &&
+      session.data
+    ) {
+      return getUserRedirectWorkspace(workspaces.data, session.data)?.id
+    }
+
+    return null
+  }, [workspaces.isLoading, workspaces.data, session.data, session.isLoading])
 
   useEffect(() => {
-    if (isLoading || session.isLoading) {
+    if (session.isLoading) {
       return
     }
 
-    const workspace =
-      data.find(
-        (workspace) => workspace.id === session.data?.lastVisitedWorkspaceId
-      ) ??
-      data.find((workspace) => workspace.ownerId === session.data?.id) ??
-      data[0]
-    if (!workspace) {
-      signOut()
-    } else {
-      router.replace(`/workspaces/${workspace.id}/documents`)
+    if (workspaceId) {
+      router.replace(`/workspaces/${workspaceId}/documents`)
     }
-  }, [isLoading, data, signOut, router])
+  }, [workspaceId, session.isLoading, router])
+
+  if (!session.data) {
+    return null
+  }
+
+  if (!workspaces.isLoading && !workspaceId) {
+    return (
+      <h4>You do not have access to any workspaces. Contact your admin.</h4>
+    )
+  }
 
   return null
 }
diff --git a/apps/web/src/utils/fetcher.ts b/apps/web/src/utils/fetcher.ts
index d3136631..71e7f9a1 100644
--- a/apps/web/src/utils/fetcher.ts
+++ b/apps/web/src/utils/fetcher.ts
@@ -1,3 +1,24 @@
+export class AuthenticationError extends Error {
+  constructor(public readonly url: string) {
+    super('Authentication required')
+    this.name = 'AuthenticationError'
+  }
+}
+
+export class UnauthorizedError extends AuthenticationError {
+  constructor(public readonly url: string) {
+    super(url)
+    this.name = 'UnauthorizedError'
+  }
+}
+
+export class ForbiddenError extends AuthenticationError {
+  constructor(public readonly url: string) {
+    super(url)
+    this.name = 'ForbiddenError'
+  }
+}
+
 export class ResourceNotFoundError extends Error {
   public url: string
   constructor(url: string) {
@@ -13,6 +34,14 @@ export default async function fetcher<T>(url: string): Promise<T> {
     throw new ResourceNotFoundError(url)
   }
 
+  if (res.status === 401) {
+    throw new UnauthorizedError(url)
+  }
+
+  if (res.status === 403) {
+    throw new ForbiddenError(url)
+  }
+
   const data = await res.json()
   return data
 }
diff --git a/apps/web/src/utils/isBanned.ts b/apps/web/src/utils/isBanned.ts
deleted file mode 100644
index 9f6ef66d..00000000
--- a/apps/web/src/utils/isBanned.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-const bannedUsers = ['dumpdumb77@gmail.com', 'leonid.danilchenko@jetbrains.com']
-
-export const isBanned = (email: string) => bannedUsers.includes(email)