diff --git a/README.md b/README.md index d95905f..5bac64b 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,19 @@ # Secure Coding with Python. -## Chapter 4: Broken Authentication -### Fix -In order to avoid giving to much information, we need to use a more generic error message that doesn't give away specifics of the users. +## Chapter 5: Broken De-Authentication +### Requirement +Now that users are allowed to login, we need to let them logout. -**Proceed to [next section](https://github.com/nxvl/secure-coding-with-python/tree/5.1-broken-deauthentication/code)** +### Development +We set the `logged_in` session value to `False` and redirect the user to the login page. + +### Vulnerability +Since flask by default uses cookie store for the sessions, we rely on the information stored in it as the ultimate +source of truth. A source of truth that the user has control over. Because of this, if an attacker get's his/her +hands on a session cookie, they could use them, even after the user logged out to get into the user's account. + + +**Proceed to [next section](https://github.com/nxvl/secure-coding-with-python/tree/5.1-broken-deauthentication/test)** ## Index ### 1. Vulnerable Components diff --git a/marketplace/templates/users/welcome.html b/marketplace/templates/users/welcome.html index 95f17d4..061d57b 100644 --- a/marketplace/templates/users/welcome.html +++ b/marketplace/templates/users/welcome.html @@ -5,5 +5,6 @@

{% block title %}Welcome{% endblock %}

{% endblock %} {% block content %} +Logout
Welcome to the marketplace! {% endblock %} diff --git a/marketplace/users.py b/marketplace/users.py index be46eb7..3dd49fe 100644 --- a/marketplace/users.py +++ b/marketplace/users.py @@ -40,7 +40,13 @@ def login(): return render_template('users/login.html', error=error) +@bp.route('/logout', methods=('GET',)) +def logout(): + session['logged_in'] = False + return redirect(url_for('users.login')) + + @bp.route('/welcome', methods=('GET',)) @auth -def welcome(): +def welcome(user): return render_template('users/welcome.html')
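Review bot: In the README hunk, "if an attacker get's his/her hands on a session cookie, they could use them" has an apostrophe error and a number mismatch; suggest "if an attacker gets hold of a session cookie, they can use it, even after the user has logged out, to get into the user's account." Also "flask" should be capitalized as "Flask", and "cookie store for the sessions" reads better as "a cookie-based session store". The "Proceed to next section" link now points at `5.1-broken-deauthentication/test` while the chapter heading is for Chapter 5; worth confirming that is the intended next step in the series.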
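Review bot: The new `logout()` only flips `session['logged_in'] = False`, which, as the README hunk itself explains, leaves any previously captured session cookie valid because Flask's default session lives entirely in a client-side signed cookie. For the logout step, `session.clear()` would at least drop all session keys rather than one flag; real revocation needs a server-side session identifier that logout can invalidate. Two smaller points in the same hunk: the route is registered with `methods=('GET',)`, so any page that can make the browser follow a link logs the user out; a POST-only logout is the usual mitigation. And `welcome()` gained a `user` parameter from `@auth` that the body never uses; either render with it or drop the parameter to keep the signature honest.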