famous-jackal-2829
07/13/2025, 11:10 AM

brief-egg-61061
07/13/2025, 11:10 AM

brief-egg-61061
07/13/2025, 11:10 AM
`/auth` route. The session check should:

1. Call the Ory Kratos `/sessions/whoami` (or use the SDK's `toSession()` method) with the user's cookies.
2. If the session is valid, redirect to `/welcome`.
3. If the session is invalid or missing, redirect to the login page.

Here is a typical Express.js middleware example for this logic:

```js
// Setup assumed by the snippet: an Express app and an Ory client
// pointed at ORY_SDK_URL.
const express = require("express")
const { Configuration, FrontendApi } = require("@ory/client")

const app = express()
const ory = new FrontendApi(
  new Configuration({ basePath: process.env.ORY_SDK_URL })
)

const requireAuth = async (req, res, next) => {
  try {
    // toSession() rejects when the cookies carry no valid session
    const session = await ory.toSession({ cookie: req.header("cookie") })
    // If session is valid, redirect to welcome
    res.redirect("/welcome")
  } catch (error) {
    // If session is invalid, redirect to login
    res.redirect(`${process.env.ORY_SDK_URL}/self-service/login/browser`)
  }
}

app.get("/auth", requireAuth)
```
This pattern is also shown in the Ory documentation for Express.js, Next.js, Go, PHP, and .NET integrations. The key is to check the session and redirect accordingly, rather than always redirecting to the welcome page regardless of session state [Protect routes](https://www.ory.sh/docs/identities/get-started/session-management) [Validate and login (Express)](https://www.ory.sh/docs/getting-started/integrate-auth/expressjs#validate-and-login).

If your app always goes to the welcome page, it likely means your session check is not correctly verifying the session or is redirecting to `/welcome` unconditionally. Make sure your middleware or route handler only redirects to `/welcome` if the session is valid, and otherwise redirects to the login page.

Note: If you are using a custom UI or middleware, ensure you are not intercepting the OAuth or login flow and redirecting to `/welcome` before Ory Kratos can handle the authentication, as this can cause issues in OAuth and registration flows [see this discussion](https://github.com/ory/network/issues/317).

If you need a code example for a specific framework, let me know!

famous-jackal-2829
07/13/2025, 11:11 AM

brief-egg-61061
07/13/2025, 11:11 AM

brief-egg-61061
07/13/2025, 11:11 AM
`/auth`) and then conditionally redirect to either `/welcome` or `/login` based on session validity. The documented approach for this use case is to implement the session check in your application logic (middleware or route handler), not in the Kratos configuration. The `kratos.yml` can only control where users are sent after completing a self-service flow, not how arbitrary routes behave before a flow is started [Redirection](https://www.ory.sh/docs/kratos/concepts/browser-redirect-flow-completion#redirection) [Configure User Interface](https://www.ory.sh/docs/kratos/guides/deploy-kratos-example#configure-user-interface).

If you want this behavior, you must implement it in your application code as shown in the previous answer.

famous-jackal-2829
07/13/2025, 11:13 AM

brief-egg-61061
07/13/2025, 11:13 AM

brief-egg-61061
07/13/2025, 11:14 AM
`/auth/login` by default, you cannot achieve this directly through Ory Kratos' `kratos.yml` configuration alone. The `kratos.yml` file allows you to set the UI URLs for self-service flows (like login, registration, etc.), but it does not provide a way to configure arbitrary route redirects such as `/auth` to `/auth/login` [Configure User Interface](https://www.ory.sh/docs/kratos/guides/deploy-kratos-example#configure-user-interface) [Configure Ory to use your UI](https://www.ory.sh/docs/kratos/bring-your-own-ui/configure-ory-to-use-your-ui).

To implement this redirect, you should configure your web server (such as Nginx) or your application (e.g., Express.js, Next.js) to perform the redirect. For example, in Nginx, you could add:

```nginx
location = /auth {
    return 302 /auth/login;
}
```

Or, in Express.js:

```js
app.get('/auth', (req, res) => {
  res.redirect('/auth/login');
});
```

This way, whenever someone visits `/auth`, they will be redirected to `/auth/login`.

Summary: There is no `kratos.yml` setting to make `/auth` redirect to `/auth/login`. You must handle this redirect in your web server or application routing logic.