diff --git a/angular_app/index.html b/angular_app/index.html
index 5a60672..2393b61 100644
--- a/angular_app/index.html
+++ b/angular_app/index.html
@@ -50,6 +50,9 @@
  • {{'Events' | translate}}
  • {{'Persons' | translate}}
  • +
diff --git a/angular_app/login.html b/angular_app/login.html
index 4418c70..869ea21 100644
--- a/angular_app/login.html
+++ b/angular_app/login.html
@@ -67,7 +67,7 @@ function getUrlParameter(sParam) {
 $(document).ready(function() {
 if (getUrlParameter('failed')) {
- $('wronglogin').removeClass('hidden');
+ $('#wronglogin').removeClass('hidden');
 }
 });
diff --git a/eventman_server.py b/eventman_server.py
index 6ac1f5b..b352e9b 100755
--- a/eventman_server.py
+++ b/eventman_server.py
@@ -78,12 +78,21 @@ class BaseHandler(tornado.web.RequestHandler):
 for key, value in kwargs.iteritems():
 setattr(self, key, value)
+ def get_current_user(self):
+ """Retrieve current user from the secure cookie."""
+ return self.get_secure_cookie("user")
+
+ def logout(self):
+ """Remove the secure cookie used fro authentication."""
+ self.clear_cookie("user")
+
 class RootHandler(BaseHandler):
 """Handler for the / path."""
 angular_app_path = os.path.join(os.path.dirname(__file__), "angular_app")
 @gen.coroutine
+ @tornado.web.authenticated
 def get(self, *args, **kwargs):
 # serve the ./angular_app/index.html file
 with open(self.angular_app_path + "/index.html", 'r') as fd:
@@ -159,6 +168,7 @@ class CollectionHandler(BaseHandler):
 return ret
 @gen.coroutine
+ @tornado.web.authenticated
 def get(self, id_=None, resource=None, resource_id=None, **kwargs):
 if resource:
 # Handle access to sub-resources.
@@ -177,6 +187,7 @@ class CollectionHandler(BaseHandler):
 self.write({self.collection: self.db.query(self.collection)})
 @gen.coroutine
+ @tornado.web.authenticated
 def post(self, id_=None, resource=None, resource_id=None, **kwargs):
 data = escape.json_decode(self.request.body or '{}')
 if resource:
@@ -195,6 +206,7 @@ class CollectionHandler(BaseHandler):
 put = post
 @gen.coroutine
+ @tornado.web.authenticated
 def delete(self, id_=None, resource=None, resource_id=None, **kwargs):
 if resource:
 # Handle access to sub-resources.
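Review bot: The `get_current_user` method and the `@tornado.web.authenticated` decorators added in this hunk depend on two Application settings the diff does not show: `set_secure_cookie`/`get_secure_cookie` require `cookie_secret`, and `authenticated` calls `get_login_url()`, which raises unless `login_url` is configured, so the first unauthenticated GET to `/` would fail with a server error rather than a redirect. The later `run()` hunk only shows the handler list, so confirm both settings are present (and that `cookie_secret` is loaded from configuration rather than a literal in the source). The `logout` docstring also has a typo and should read `"""Remove the secure cookie used for authentication."""`. The enclosing class `BaseHandler` starts outside the hunk.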
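Review bot: With `post` (and therefore `put = post`), `delete` in the @@ -206 hunk and `EbCSVImportPersonsHandler.post` in the next part of the diff now gated only by the `user` cookie, these state-changing handlers become reachable from cross-site requests that carry the cookie unless `xsrf_cookies=True` is set in the Application settings and the Angular client sends the `_xsrf` token with each request; neither is visible in this diff, so confirm it or add it alongside the new decorators. A cookie-only session with no anti-CSRF token is the combination worth flagging before this lands. `post` continues past the end of the hunk.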
@@ -448,6 +460,7 @@ class EbCSVImportPersonsHandler(BaseHandler):
 'company', 'job_title')
 @gen.coroutine
+ @tornado.web.authenticated
 def post(self, **kwargs):
 event_handler = EventsHandler(self.application, self.request)
 event_handler.db = self.db
@@ -489,6 +502,7 @@ class EbCSVImportPersonsHandler(BaseHandler):
 class SettingsHandler(BaseHandler):
 """Handle requests for Settings."""
 @gen.coroutine
+ @tornado.web.authenticated
 def get(self, **kwds):
 query = self._arguments_tobool()
 settings = self.db.query('settings', query)
@@ -537,9 +551,19 @@ class LoginHandler(RootHandler):
 password = self.get_body_argument('password')
 if username != 'admin' and password != 'eventman':
 self.redirect('/login?failed=1')
+ else:
+ self.set_secure_cookie("user", username)
 self.redirect('/')
+class LogoutHandler(RootHandler):
+ """Handle user logout requests."""
+ @gen.coroutine
+ def get(self, **kwds):
+ self.logout()
+ self.redirect('/login')
+
+
 def run():
 """Run the Tornado web application."""
 # command line arguments; can also be written in a configuration file,
@@ -577,6 +601,7 @@ def run():
 (r"/settings", SettingsHandler, init_params),
 _ws_handler,
 (r'/login', LoginHandler),
+ (r'/logout', LogoutHandler),
 (r'/(.*)', tornado.web.StaticFileHandler, {"path": "angular_app"})
 ],
 template_path=os.path.join(os.path.dirname(__file__), "templates"),
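Review bot: The new `else:` branch in the `LoginHandler` hunk issues the session cookie whenever the preceding condition is false, and `if username != 'admin' and password != 'eventman':` is false as soon as either field alone matches, so one correct field is enough to obtain a cookie; the rejection test should be `if username != 'admin' or password != 'eventman':`. Indentation is not recoverable from this diff, so also confirm that `self.redirect('/')` now sits under the `else:` — if it is still unconditional, the failed path calls `redirect` twice and Tornado raises on the second because the response has already been finished. The hard-coded credentials and the plain `!=` comparison predate this commit, but now that cookie-based sessions are built on them they are worth moving to configuration and comparing with `hmac.compare_digest`. `LoginHandler.post` starts outside the hunk.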