diff --git a/web/src/lib/api.ts b/web/src/lib/api.ts
index 46791cf..f6755c1 100644
--- a/web/src/lib/api.ts
+++ b/web/src/lib/api.ts
@@ -46,6 +46,13 @@ async function request<T>(path: string, init?: RequestInit): Promise<T> {
 		headers
 	});
 
+	// Redirect to login on 401 (expired/missing token).
+	if (res.status === 401 && typeof window !== 'undefined' && !path.includes('/auth/')) {
+		localStorage.removeItem('auth_token');
+		window.location.href = '/login';
+		throw new ApiError('Authentication required', 401);
+	}
+
 	let envelope: ApiEnvelope<T>;
 	try {
 		envelope = await res.json();