Hi all, I just stumbled upon an issue with the Ory...
# general
n
Hi all, I just stumbled upon an issue with the Ory registration and being automatically logged in afterwards. Let me explain: In our Ory Console we have the following settings enabled:
• Authentication / Registration / Enable sign in after registration ✅
• Authentication / Account verification / Require verified address for login ✅
We configured it like this, because we do not want the users to log in manually, after they verified their email address. They should be logged in automatically, and this is working. But the issue here is, the user will be automatically logged in, even when the email verification was not done yet. So basically, once you see the "Verify your account" form, you can just navigate to the login-page and you are logged in. Is this a bug or is it meant to be like this? If it's the latter, is it somehow possible to achieve automatic-login, but only after the verification was done?
b
We have a bunch of improvements for this specific case lined up. Should be rolling out in the next couple of weeks. Keep an eye on the changelog.
n
Okay, thanks! 🙂
Hi @bland-eye-99092, I just checked the changelog and saw that there is a new feature that sounds like it would fix that problem: "Improved required verification flow on login and registration". But sadly, it doesn't change the behaviour (it's the same as described in my first message). I checked the legacy feature flag(s) which are mentioned in the post, but they are disabled (see screenshot). Should this new change actually have fixed the issue? Or is this something completely different?
b
Unfortunately, this was a misunderstanding and this issue is not resolved yet. We likely won't be able to address it in the near future, due to other items on our roadmap. If you need strict, verified-addresses-only sessions, you can turn off session after verification. If you want a more seamless user experience, you can turn it on, but that will come at the cost of initial sessions being for accounts with unverified email addresses. However, you can resolve this issue in your own code by adding some kind of middleware that checks the verification status of the current session and redirects the user to the verification page if they have not yet verified their address.