This is not the right way to use Guardian. You should use the EnsureAuthenticated plug to ensure they are signed in, and handle any errors in your AuthErrorHandler.
However, it looks like you are only storing the user id in the token, in which case you can probably remove Guardian completely and just store the user id directly in the session, avoiding all the complexity and indirection that comes with using Guardian.
