diff --git a/index.pl b/index.pl
index 69d1079e1494c13aa1d1f92624418f94cc452264..6331d45c08bf33318b77f25e1a97c1ebf319cd02 100755
--- a/index.pl
+++ b/index.pl
@@ -1176,6 +1176,10 @@ get '/export.json' => sub {
 
 post '/logout' => sub {
 	my ($self) = @_;
+	if ( $self->validation->csrf_protect->has_error('csrf_token') ) {
+		$self->render( 'login', invalid => 'csrf' );
+		return;
+	}
 	$self->logout;
 	$self->redirect_to('/login');
 };
diff --git a/templates/login.html.ep b/templates/login.html.ep
index f85ba9107e9ccf36efb90e57777a97091905e3ad..23d3259ded9bc658c813817e063dc80a435e2edb 100644
--- a/templates/login.html.ep
+++ b/templates/login.html.ep
@@ -7,7 +7,13 @@
 					<p>
 						Du bist bereits angemeldet. Falls du mehrere Accounts hast
 						und auf einen anderen wechseln möchtest, musst du dich
-						vorher <a href="/logout">abmelden</a>.
+						vorher
+						%= form_for 'logout' => begin
+							%= csrf_field
+							<button class="btn waves-effect waves-light" type="submit" name="action" value="logout">
+								Abmelden
+							</button>
+						%= end
 					</p>
 				</div>
 			</div>