diff --git a/Gemfile.lock b/Gemfile.lock
index 98d163e..c040098 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -101,7 +101,7 @@ GEM
 bootstrap-sass (3.4.1)
 autoprefixer-rails (>= 5.2.1)
 sassc (>= 2.0.0)
- brakeman (8.0.2)
+ brakeman (8.0.4)
 racc
 builder (3.3.0)
 capybara (3.40.0)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 7410138..2031bdf 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -7,17 +7,15 @@ class ApplicationController < ActionController::Base
 private

 def check_user_token
- unless session[:user_token]
- render "puzzles/login"
- end
+ render "puzzles/login" and return unless session[:user_token]
 end

 def check_session_expiry
 if session[:expires_at].present? && Time.current > session[:expires_at]
 reset_session
- render "puzzles/login"
- else
- session[:expires_at] = 1.hour.from_now
+ render "puzzles/login" and return
 end
+
+ session[:expires_at] = 1.hour.from_now
 end
 end
diff --git a/test/controllers/puzzles_controller_test.rb b/test/controllers/puzzles_controller_test.rb
index 6f64d3a..32d0618 100644
--- a/test/controllers/puzzles_controller_test.rb
+++ b/test/controllers/puzzles_controller_test.rb
@@ -7,6 +7,12 @@ class PuzzlesControllerTest < ActionDispatch::IntegrationTest
 assert_response :success
 end

+ test "unauthenticated request renders login page" do
+ get puzzles_path
+ assert_response :success
+ assert_match "login", response.body.downcase
+ end
+
 test "should show error message when editing puzzle with invalid data" do
 puzzle = puzzles(:one)
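Review bot: In app/controllers/application_controller.rb, both `render "puzzles/login" and return` lines still answer an unauthenticated or expired request with a 200 and the login HTML, whatever the verb or format of the original request, so a script or XHR caller cannot tell a rejected request from a successful one. Consider sending an explicit status, e.g. `render "puzzles/login", status: :unauthorized and return`, or redirecting to a login route; the new test's `assert_response :success` would then need to change with it. Note also that `and return` only leaves the callback method: if these methods are registered as `before_action`s (the registration is outside the hunk), the action is skipped because a response was already rendered, which deserves a one-line comment above `check_user_token`. The class body starts outside the hunk.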
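Review bot: In test/controllers/puzzles_controller_test.rb, `assert_match "login", response.body.downcase` passes for any page that contains the substring "login" (a navigation link on the puzzle index would be enough), so together with `assert_response :success` it does not prove that the protected page was withheld. Assert on something only the login template renders and on the absence of puzzle content. The expiry path in `check_session_expiry` has no test in this hunk; a second case could establish a session, advance the clock with `travel 2.hours`, request again and expect the login page. The following `test "should show error message …"` block continues beyond the visible lines.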