diff --git a/lib/simpleshop_theme_web/theme_hook.ex b/lib/simpleshop_theme_web/theme_hook.ex
index 5f0e8f0..f085533 100644
--- a/lib/simpleshop_theme_web/theme_hook.ex
+++ b/lib/simpleshop_theme_web/theme_hook.ex
@@ -42,12 +42,13 @@ defmodule SimpleshopThemeWeb.ThemeHook do
     {:cont, socket}
   end
 
-  def on_mount(:require_site_live, _params, session, socket) do
+  def on_mount(:require_site_live, _params, _session, socket) do
     cond do
       Settings.site_live?() ->
         {:cont, socket}
 
-      session["user_token"] ->
+      # mount_current_scope runs first, so current_scope is already validated
+      socket.assigns[:current_scope] && socket.assigns.current_scope.user ->
         {:cont, socket}
 
       not SimpleshopTheme.Accounts.has_admin?() ->
diff --git a/test/simpleshop_theme_web/live/shop/coming_soon_test.exs b/test/simpleshop_theme_web/live/shop/coming_soon_test.exs
index eb1dc34..a3e80f0 100644
--- a/test/simpleshop_theme_web/live/shop/coming_soon_test.exs
+++ b/test/simpleshop_theme_web/live/shop/coming_soon_test.exs
@@ -56,6 +56,16 @@ defmodule SimpleshopThemeWeb.Shop.ComingSoonTest do
     assert {:error, {:redirect, %{to: "/users/register"}}} = live(conn, ~p"/")
   end
 
+  test "redirects when session token is stale (user deleted)", %{conn: conn} do
+    user = user_fixture()
+    conn = log_in_user(conn, user)
+
+    # Delete the user — session cookie is now stale
+    SimpleshopTheme.Repo.delete!(user)
+
+    assert {:error, {:redirect, %{to: "/users/register"}}} = live(conn, ~p"/")
+  end
+
   test "gates all public shop routes", %{conn: conn} do
     user_fixture()
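Review bot: The new clause `socket.assigns[:current_scope] && socket.assigns.current_scope.user ->` makes this gate correct only if `mount_current_scope` is ordered before `:require_site_live` in every `live_session` that uses it, and that ordering lives in the router, outside this diff; the inline comment asserts it but nothing enforces it. If the hook is ever attached without `mount_current_scope`, the assign is simply absent and the visitor is treated as anonymous, which is fail-closed but silently so, and the misconfiguration would surface only as a confusing redirect. Consider stating the contract where callers see it, e.g. in the `@doc` for `on_mount/4`: `Must be listed after `mount_current_scope` in the live_session; it reads `:current_scope` and never the raw session token.` If the shape of `current_scope` is guaranteed (presumably a struct with a `:user` field, or nil for anonymous — confirm against `mount_current_scope`), `match?(%{current_scope: %{user: %{}}}, socket.assigns) ->` expresses the same check without mixing `[]` and `.` access on the same map. The `cond` and the enclosing `on_mount/4` clause continue past the end of the hunk.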
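Review bot: The expected redirect to `/users/register` in the new test is reached only because deleting the fixture user also removes the last account, so the gate falls through to the `not has_admin?()` branch; the test name says "stale token" but the assertion is really "stale token is treated as anonymous and no admin remains". A reader changing the fixtures to seed a separate admin would see this test break for a reason unrelated to session staleness. A one-line comment above the assert makes the dependency explicit, e.g. `# With the only user gone, has_admin?/0 is false, so an anonymous visitor is sent to registration`. Also, if user tokens reference the user without a cascading delete in the schema (not visible here), `Repo.delete!/1` would raise before the assertion — worth confirming the fixture's token rows are removed with the user.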