diff --git a/assets/page.erb b/assets/page.erb
index c67034b..05966d4 100644
--- a/assets/page.erb
+++ b/assets/page.erb
@@ -110,10 +110,36 @@
button:hover {
background: #166534;
}
+
+ .logout-form {
+ position: fixed;
+ top: 1rem;
+ right: 1rem;
+ }
+
+ .logout-btn {
+ width: auto;
+ padding: 0.4rem 0.8rem;
+ margin: 0;
+ background: #1e2433;
+ color: #94a3b8;
+ font-size: 0.75rem;
+ }
+
+ .logout-btn:hover {
+ background: #2a3040;
+ }
+<% if authenticated %>
+
+<% end %>
+
<%= hostname %> status - MALP
diff --git a/cgi-bin/malp.rb b/cgi-bin/malp.rb
index 82212f2..3023c91 100755
--- a/cgi-bin/malp.rb
+++ b/cgi-bin/malp.rb
@@ -50,10 +50,23 @@ def create_session
token
end
+def remove_session(token)
+ return if token.nil? || token.empty?
+ sessions = load_sessions.reject { |t, _| t == token }
+ File.write(SESSIONS_FILE, sessions.map { |t, ts| "#{t}:#{ts}" }.join("\n") + "\n")
+end
+
session_token = (cgi.cookies["MALP"] || []).first
authenticated = valid_session?(session_token)
cookie = nil
+if cgi.request_method == "POST" && authenticated && cgi.params["action"]&.first == "logout"
+ remove_session(session_token)
+ cookie = CGI::Cookie.new("name" => "MALP", "value" => "", "path" => "/", "expires" => Time.at(0))
+ print cgi.header("Status" => "303 See Other", "Location" => ENV["REQUEST_URI"], "cookie" => cookie)
+ exit
+end
+
if cgi.request_method == "POST" && !authenticated
username = cgi.params["username"]&.first.to_s
password = cgi.params["password"]&.first.to_s
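Review bot: `remove_session` does an unlocked read-modify-write of `SESSIONS_FILE`: it loads the list, filters it, and then `File.write` truncates and rewrites the whole file. Two CGI processes running at once can interleave here, so a writer that loaded the list earlier could write the logged-out token back, or a reader could see a truncated file; revocation on logout is then not guaranteed. I would hold an exclusive `flock` across the load and the rewrite, as sketched below, and take the same lock in `create_session` and `load_sessions`, whose bodies are outside this hunk. Separately, the redirect reflects the client-supplied `ENV["REQUEST_URI"]` into `Location`; a fixed value such as `ENV["SCRIPT_NAME"]` would be safer.

```ruby
def remove_session(token)
  return if token.nil? || token.empty?
  # Exclusive lock held across load + rewrite so another request cannot interleave.
  File.open(SESSIONS_FILE, File::RDWR | File::CREAT) do |f|
    f.flock(File::LOCK_EX)
    kept = load_sessions.reject { |t, _| t == token }
    f.truncate(0)
    f.rewind
    f.write(kept.map { |t, ts| "#{t}:#{ts}" }.join("\n") + "\n")
  end
end
# … unchanged: cookie lookup and the logout / login request branches …
```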