diff --git a/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb b/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb
new file mode 100644
index 000000000..acddeb537
--- /dev/null
+++ b/app/controllers/concerns/shopify_app/ensure_authenticated_links.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module ShopifyApp
+  module EnsureAuthenticatedLinks
+    extend ActiveSupport::Concern
+
+    included do
+      before_action :redirect_to_splash_page, if: :missing_expected_jwt?
+    end
+
+    private
+
+    def redirect_to_splash_page
+      splash_page_path = root_path(return_to: request.fullpath, shop: current_shopify_domain)
+      redirect_to(splash_page_path)
+    end
+
+    def missing_expected_jwt?
+      jwt_shopify_domain.blank?
+    end
+  end
+end
diff --git a/test/controllers/concerns/ensure_authenticated_links_test.rb b/test/controllers/concerns/ensure_authenticated_links_test.rb
new file mode 100644
index 000000000..f6f6231b2
--- /dev/null
+++ b/test/controllers/concerns/ensure_authenticated_links_test.rb
@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class EnsureAuthenticatedLinksTest < ActionController::TestCase
+  class TurbolinksTestController < ActionController::Base
+    include ShopifyApp::EnsureAuthenticatedLinks
+
+    def root
+      render(html: '<h1>Splash Page</ h1>')
+    end
+
+    def some_link
+      render(html: '<h1>Success</ h1>')
+    end
+
+    private
+
+    def jwt_shopify_domain
+      request.env['jwt.shopify_domain']
+    end
+
+    def current_shopify_domain
+      'test-shop.myshopify.com'
+    end
+  end
+
+  tests TurbolinksTestController
+
+  setup do
+    @shop_domain = 'test-shop.myshopify.com'
+
+    Rails.application.routes.draw do
+      root to: 'ensure_authenticated_links_test/turbolinks_test#root'
+      get '/some_link', to: 'ensure_authenticated_links_test/turbolinks_test#some_link'
+    end
+  end
+
+  teardown do
+    Rails.application.reload_routes!
+  end
+
+  test 'redirects to splash page with a return_to and shop param if no session token is present' do
+    get :some_link, params: { shop: @shop_domain }
+
+    expected_path = root_path(return_to: request.fullpath, shop: @shop_domain)
+
+    assert_redirected_to expected_path
+  end
+
+  test 'returns the requested resource if a valid session token exists' do
+    request.env['jwt.shopify_domain'] = @shop_domain
+
+    get :some_link, params: { shop: @shop_domain }
+
+    assert_response :ok
+  end
+end