diff --git a/management/auth.py b/management/auth.py
index 52750732..a705eacb 100644
--- a/management/auth.py
+++ b/management/auth.py
@@ -145,6 +145,11 @@ class KeyAuthService:
 # Check whether the provided token in request cookie matches the one we stored for the user.
 return self.check_user_token(email, request.cookies.get("miab-cp-token"), request, env)
+ def remove_user_token(self, email, request, env):
+ # Remove the user's token from the in-memory session database.
+ # Returns the invalidated token if exists.
+ return KeyAuthService.__token_dict.pop(email)
+
 def create_user_key(self, email, env):
 # Create a user API key, which is a shared secret that we can re-generate from
 # static information in our database. The shared secret contains the user's
diff --git a/management/daemon.py b/management/daemon.py
index 579d017d..8beeed60 100755
--- a/management/daemon.py
+++ b/management/daemon.py
@@ -174,6 +174,19 @@ def me():
 # Return.
 return resp
+
+@app.route('/bye')
+def bye():
+ try:
+ email, _, _ = auth_service.authenticate(request, env)
+ auth_service.remove_user_token(email, request, env)
+ except ValueError:
+ pass # Unauthorized users can logout too, simply do nothing.
+ finally:
+ resp = Response()
+ resp.set_cookie("miab-cp-token", expires=0) # Removes the token cookie
+ return resp
+
 # MAIL
 @app.route('/mail/users')
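Review bot: `KeyAuthService.__token_dict.pop(email)` raises KeyError when no session token is stored for that email (a user who authenticated with an API key rather than the cookie, or who already logged out), which contradicts the comment "Returns the invalidated token if exists"; the default form `return KeyAuthService.__token_dict.pop(email, None)` matches the stated contract and is what the caller relies on. The `request` and `env` parameters are not read by the body, presumably to mirror the sibling methods' signatures — a short comment saying so would stop a later reader from assuming they gate the removal. Whether `__token_dict` is the class attribute the session check reads is not visible in this hunk; the `class KeyAuthService` body begins and ends outside it.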
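Review bot: The `return resp` inside `finally:` silently suppresses every exception from the `try` body except the caught ValueError — including the KeyError that `remove_user_token` raises when no token is stored for the user — so a failed server-side invalidation still answers 200 with a cleared cookie, which removes only the browser's copy while the stored token stays valid. Build the response after the `try`/`except` at function level instead: drop the `finally:` line and dedent `resp = Response()`, `resp.delete_cookie("miab-cp-token")` and `return resp` so unexpected errors propagate to Flask's error handling. `delete_cookie` also makes it explicit that the clear must carry the same `path`/`domain` the login used (not visible here) for the browser to actually drop the cookie; `expires=0` alone does not guarantee that. Note that a GET-triggered logout can be fired cross-site by any page that embeds the URL; a POST route would close that, though the impact here is only a forced logout.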