diff --git a/internal/http/middleware/auth.go b/internal/http/middleware/auth.go
index f97a7d8..e09c4b1 100644
--- a/internal/http/middleware/auth.go
+++ b/internal/http/middleware/auth.go
@@ -103,3 +103,18 @@ func RequireAuth() gin.HandlerFunc {
 c.Next()
 }
 }
+
+// Redirects authenticated users away from public auth pages.
+func PublicOnly() gin.HandlerFunc {
+ return func(c *gin.Context) {
+ app := c.MustGet("app").(*bootstrap.App)
+ sm := app.SessionManager
+
+ if sm.Exists(c.Request.Context(), sessionkeys.UserID) {
+ c.Redirect(http.StatusSeeOther, "/")
+ c.Abort()
+ return
+ }
+ c.Next()
+ }
+}
diff --git a/internal/http/routes/accountroutes.go b/internal/http/routes/accountroutes.go
index 3e6ad6f..049ca49 100644
--- a/internal/http/routes/accountroutes.go
+++ b/internal/http/routes/accountroutes.go
@@ -11,10 +11,13 @@ func RegisterAccountRoutes(app *bootstrap.App) {
 r := app.Router

 acc := r.Group("/account")
- acc.GET("/login", accountHandlers.LoginGet)
- acc.POST("/login", accountHandlers.LoginPost)
- acc.GET("/signup", accountHandlers.SignupGet)
- acc.POST("/signup", accountHandlers.SignupPost)
+ acc.Use(middleware.PublicOnly())
+ {
+ acc.GET("/login", accountHandlers.LoginGet)
+ acc.POST("/login", accountHandlers.LoginPost)
+ acc.GET("/signup", accountHandlers.SignupGet)
+ acc.POST("/signup", accountHandlers.SignupPost)
+ }

 // Protected logout
 accAuth := r.Group("/account")
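Review bot: The guard in PublicOnly treats any session that merely contains `sessionkeys.UserID` as authenticated; `sm.Exists` establishes key presence only, not that the account behind the session is still valid. RequireAuth's body is outside this hunk, so the following is inferred: if it checks more than presence (for example by loading the user), a stale session would be sent from `/` to the login page and straight back by this redirect. Reusing the same check RequireAuth performs, or destroying the session when that check fails, keeps the two middlewares in agreement. The doc comment should also open with the function name per Go convention: `// PublicOnly redirects authenticated users away from public auth pages.`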
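Review bot: Every route registered on `acc` now inherits PublicOnly, including any added later, so an authenticated-only endpoint placed in this group by mistake would redirect signed-in users to `/` instead of running. A comment above the `acc.Use` line would make that contract explicit, e.g. `// Public-only group: signed-in users are redirected to "/"; authenticated routes belong on accAuth.` The POST handlers are covered as well, so a login or signup form submitted while a session exists is discarded with a 303 rather than processed, which looks intended but is worth confirming. RegisterAccountRoutes continues past the end of this hunk, and the `middleware` import is not visible here.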