diff --git a/requests/user.http b/requests/user.http
index 915fc55..c9fe187 100644
--- a/requests/user.http
+++ b/requests/user.http
@@ -43,3 +43,13 @@ Content-Type: application/json
     "old": "DkgnWspm4To2ww==",
     "new": "Kolata"
 }
+
+
+###
+
+DELETE {{url}}/admin/user HTTP/1.1
+Content-Type: application/json
+
+{
+  "userid": "68e0f66a7b5795e3704501cf"
+}
diff --git a/src/auth.js b/src/auth.js
index 128fe74..16f194e 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -12,9 +12,9 @@ export function initAuth(app, db) {
 }
 
 async function getUserInfo(req, res) {
-    const sessiontoken = await updateSessionToken(users, req.user._id);
+    // const sessiontoken = await updateSessionToken(users, req.user._id);
 
-    setTokenCookie(res, sessiontoken);
+    // setTokenCookie(res, sessiontoken);
 
     res.status(200).send({
         username: req.user.username,
@@ -30,7 +30,7 @@ async function checkSessionToken(req, res, next) {
     }
 
     const token = req.cookies.jeopardytoken;
-    
+
     let user = await users.findOne({sessiontoken: token});
 
     if (user === null) {
@@ -108,7 +108,7 @@ function setTokenCookie(res, sessiontoken) {
     expires.setDate(expires.getDate() + 1);
 
     res.cookie('jeopardytoken', sessiontoken, {
-        maxAge: 1e3 * 60 * 60 * 24,
+        maxAge: 1e3 * 60 * 60 * 24 * 7,
         path: "/"
     })
 }
diff --git a/src/user.js b/src/user.js
index 3d28457..eb7ebc6 100644
--- a/src/user.js
+++ b/src/user.js
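Review bot: The two commented-out lines in getUserInfo should be deleted rather than parked; the history already holds the rotation call, and commented code tends to drift from what is actually deployed. With the rotation gone, the token issued at login is reused unchanged for the whole cookie lifetime that setTokenCookie sets, and nothing visible in this diff expires it server-side, so the new logoutUser route in user.js becomes the only way a session ends before the client drops the cookie. Record that decision where the calls used to be, e.g. `// No per-request token rotation: the session ends only at logout or when the client drops the cookie.` getUserInfo's body continues past the end of the hunk.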
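Review bot: `maxAge` is now seven days while `expires` two lines above is still advanced by a single day, so the two values no longer describe the same lifetime; if `expires` is not passed anywhere else in setTokenCookie (its start lies outside the hunk) delete it, otherwise align it with the new `maxAge`. The options object carries only `maxAge` and `path`, which leaves the session cookie readable from page script and sent on cross-site requests; add `httpOnly: true, sameSite: 'lax'` (and `secure: true` where the app is served over HTTPS) alongside the existing keys.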
@@ -9,15 +9,23 @@ let users;
 export function initUsers(app, db) {
     users = db.collection('users');
     app.put('/admin/user', createUser);
+    app.delete('/admin/user', deleteUser);
     app.get('/admin/user/list', userlist);
     app.post('/admin/user/resetpw', resetpassword);
     app.post('/admin/user/changerole', changerole);
     app.get('/admin/roles', getRoles);
     app.post('/user/changepw', changePassword);
+    app.post('/user/logout', logoutUser);
 }
 
 async function createUser(req, res) {
     const username = req.body.username;
+
+    if (username.length <= 0) {
+        res.status(400).send();
+        return;
+    }
+
     // check if user exists
     let foundUser = await users.findOne({username});
 
@@ -38,6 +46,25 @@ async function createUser(req, res) {
     });
 }
 
+async function deleteUser(req, res) {
+    /** @type {string} */
+    const userid = req.body.userid;
+    const _id = new ObjectId(userid);
+
+    if (userid === req.user._id.toString()) {
+        console.log("Cant delete yourself");
+        res.status(400).send();
+        return;
+    }
+
+    const foundUser = userExists(res, users, _id);
+    if (foundUser === null) return;
+
+    await users.deleteOne({_id});
+
+    res.status(200).send();
+}
+
 async function userlist(req, res) {
     const result = await users.find().project({
         username: 1,
@@ -73,7 +100,7 @@ async function changerole(req, res) {
     const newrole = req.body.role;
 
     if (!isValidRole(newrole)) {
-        res.status(400).send();
+        res.status(400).send("No valid role");
         return;
     }
 
@@ -112,3 +139,13 @@ async function changePassword(req, res) {
 
     res.status(200).send();
 }
+
+async function logoutUser(req, res) {
+    await users.updateOne({_id: req.user._id}, {
+        $set: {
+            sessiontoken: ""
+        }
+    });
+
+    res.status(200).send();
+}
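Review bot: `username.length <= 0` in createUser throws a TypeError when the body has no `username` or it is not a string, and because the handler is async that rejection does not become a 400 unless an error wrapper outside this hunk catches it; check the type before the length, `if (typeof username !== 'string' || username.trim().length === 0) {`. The same check would serve the `userid` field that deleteUser reads in the next hunk. Whether the newly registered DELETE `/admin/user` route is gated by a role check in addition to checkSessionToken is not visible in this diff. createUser's body continues beyond the hunk.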
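Review bot: `userExists(res, users, _id)` is called without `await`; it is handed the collection, so it presumably queries and returns a Promise, in which case `foundUser === null` never holds, the delete runs even for a missing user, and any response userExists writes to `res` races the 200 sent below. `new ObjectId(userid)` also throws before any check when `userid` is missing or malformed, which escapes the async handler as an unhandled rejection instead of a 400. The rewrite below validates the id with `ObjectId.isValid` first and awaits the lookup; the `console.log("Cant delete yourself")` would serve better as the 400's body or a logger call than as stdout output.
```javascript
async function deleteUser(req, res) {
    /** @type {string} */
    const userid = req.body.userid;

    // Reject a missing or malformed id before it reaches the driver,
    // so bad input yields a 400 instead of an unhandled rejection.
    if (typeof userid !== 'string' || !ObjectId.isValid(userid)) {
        res.status(400).send();
        return;
    }
    const _id = new ObjectId(userid);

    // … unchanged: self-delete guard …

    // Await the lookup so the null check sees the result, not a Promise.
    const foundUser = await userExists(res, users, _id);
    if (foundUser === null) return;

    // … unchanged: deleteOne and 200 response …
}
```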
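Review bot: Clearing the token with `$set: { sessiontoken: "" }` leaves every logged-out user holding the same value, and checkSessionToken in auth.js resolves a request with `users.findOne({sessiontoken: token})`; unless the guard above that lookup (outside its hunk) rejects an empty cookie, a request carrying `jeopardytoken=` with no value would match an arbitrary logged-out account. Drop the field instead, `{ $unset: { sessiontoken: "" } }`, and clear the cookie on the way out with `res.clearCookie('jeopardytoken', { path: "/" });` so the client stops presenting a dead token. A user whose token is already absent still gets a 200 here, which is fine for an idempotent logout.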