If I understand your issues then I think the system is behaving as expected, so maybe there is some misunderstanding on your part?
This is my understanding of what is happening :-
However, I think there is some confusion about application configuration. Your expectation is that existing application configuration will be updated to pick up the new ingress configuration automatically.
The "single source of truth" for application configuration does not necessarily reside within cluster object configurations, such as deployments, services, routes, .... The configuration for an application may be controlled by a Helm chart deployment, an operator instance or within a git repository (using GitOps with ArgoCD), so the cluster should not arbitrarily modify a deployed application and any manual configuration modifications may be reverted back to their original values. The host value for an application route (and possible TLS termination) may be part of the application configuration, so the application configuration needs to be updated then applied to the cluster.
Each application that should be exposed using the new or amended Ingress instance will need to have a route configured to use the ingress. How this is achieved will depend on how the application was deployed and what is controlling/monitoring the application configuration. Then any links that you want to use the new domains, such as Console Links, will need to be manually updated to use the new routes.
If there are a large number of applications then a scripted approach using Ansible or a shell script may be appropriate, but again the content of the script will depend on how the configuration for each application is being managed.
Does this addresses your issues? If there are sections of the documentation that need improving or additional content, then please add a comment below.
There is a lot going on in this thread and I'm not sure what the login issues are?