diff --git a/src/app/login/page.tsx b/src/app/login/page.tsx
index 7f9d7d7..3301592 100644
--- a/src/app/login/page.tsx
+++ b/src/app/login/page.tsx
@@ -6,7 +6,9 @@ import LoginPage from "@/components/LoginPage/LoginPage";
 const Login: React.FC = async () => {
 const session = await getServerSession(authOptions);
- if (session?.user) {
+ const now = Math.floor(Date.now() / 1000);
+ const notExpired = !session?.exp || session.exp > now;
+ if (session?.user && notExpired) {
 redirect("/");
 }
diff --git a/src/config/authConfig.ts b/src/config/authConfig.ts
index 69a41d2..f08a163 100644
--- a/src/config/authConfig.ts
+++ b/src/config/authConfig.ts
@@ -10,6 +10,8 @@ declare module "next-auth" {
 refreshToken?: string;
 abilities: string[];
 id?: string;
+ /** JWT expiry (seconds since epoch); used to avoid redirecting to dashboard when token is expired */
+ exp?: number;
 }
 interface User {
@@ -88,6 +90,7 @@ export const authOptions: AuthOptions = {
 session.accessToken = token.accessToken as string | null;
 session.refreshToken = token.refreshToken as string | undefined;
 session.abilities = token.abilities as string[];
+ session.exp = token.exp as number | undefined;
 // Also add abilities to session.user for easier client-side access
 if (session.user) {
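Review bot: In `src/app/login/page.tsx`, `notExpired` fails open: `!session?.exp` treats a session whose `exp` is missing or `0` as still valid, so the redirect to `/` behaves exactly as before whenever the session callback did not populate the field. If every session is expected to carry `exp`, a stricter guard such as `const notExpired = typeof session?.exp === "number" && session.exp > now;` keeps the user on the login form instead, which is the safe direction for this page. Either way, this check only decides where the login page sends the user; the routes behind `/` still have to reject an expired token themselves. The body of `Login` continues past the end of the hunk.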
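Review bot: In the session callback of `src/config/authConfig.ts`, the `as number | undefined` cast on `token.exp` is unchecked at runtime, and the hunk does not show which expiry this claim holds. If it is the session JWT's own `exp` claim rather than the backend access token's expiry, the login-page comparison may rarely or never see an expired value, because an expired session JWT would normally not yield a session in the first place; please confirm what the `jwt` callback (outside this diff) stores there. A narrowing assignment such as `session.exp = typeof token.exp === "number" ? token.exp : undefined;` would avoid passing a non-numeric value through to the `session.exp > now` check in `src/app/login/page.tsx`. The enclosing callback starts before and ends after this hunk.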