diff --git a/server/router/handler/handler_test.go b/server/router/handler/handler_test.go
new file mode 100644
index 0000000..0e3b51e
--- /dev/null
+++ b/server/router/handler/handler_test.go
@@ -0,0 +1,16 @@
+package handler_test
+
+import (
+	"testing"
+
+	db_ "git.ekzyis.com/ekzyis/delphi.market/db"
+	"git.ekzyis.com/ekzyis/delphi.market/test"
+)
+
+var (
+	db *db_.DB
+)
+
+func TestMain(m *testing.M) {
+	test.Main(m, db)
+}
diff --git a/server/router/handler/login_test.go b/server/router/handler/login_test.go
index 699745a..a80877b 100644
--- a/server/router/handler/login_test.go
+++ b/server/router/handler/login_test.go
@@ -2,6 +2,7 @@ package handler_test
 
 import (
 	"database/sql"
+	"encoding/hex"
 	"fmt"
 	"net/http"
 	"net/http/httptest"
@@ -12,22 +13,15 @@ import (
 	"git.ekzyis.com/ekzyis/delphi.market/server/router/context"
 	"git.ekzyis.com/ekzyis/delphi.market/server/router/handler"
 	"git.ekzyis.com/ekzyis/delphi.market/test"
+	"github.com/decred/dcrd/dcrec/secp256k1/v4"
 	"github.com/labstack/echo/v4"
 	"github.com/stretchr/testify/assert"
 )
 
-var (
-	db *db_.DB
-)
-
 func init() {
 	test.Init(&db)
 }
 
-func TestMain(m *testing.M) {
-	test.Main(m, db)
-}
-
 func TestLogin(t *testing.T) {
 	var (
 		assert      = assert.New(t)
@@ -72,6 +66,8 @@ func TestLoginCallback(t *testing.T) {
 		sc       context.ServerContext
 		req      *http.Request
 		rec      *httptest.ResponseRecorder
+		sk       *secp256k1.PrivateKey
+		pk       *secp256k1.PublicKey
 		lnAuth   *auth.LNAuth
 		dbLnAuth *db_.LNAuth
 		u        *db_.User
@@ -90,10 +86,15 @@ func TestLoginCallback(t *testing.T) {
 		return
 	}
 
-	key, sig, err = test.Sign(lnAuth.K1)
+	sk, pk, err = test.GenerateKeyPair()
+	if !assert.NoErrorf(err, "error generating keypair") {
+		return
+	}
+	sig, err = test.Sign(sk, lnAuth.K1)
 	if !assert.NoErrorf(err, "error signing k1") {
 		return
 	}
+	key = hex.EncodeToString(pk.SerializeCompressed())
 
 	sc = context.ServerContext{Db: db}
 	e, req, rec = test.HTTPMocks("GET", fmt.Sprintf("/api/login?k1=%s&key=%s&sig=%s", lnAuth.K1, key, sig), nil)
diff --git a/server/router/handler/logout_test.go b/server/router/handler/logout_test.go
new file mode 100644
index 0000000..0b3ac32
--- /dev/null
+++ b/server/router/handler/logout_test.go
@@ -0,0 +1,72 @@
+package handler_test
+
+import (
+	"database/sql"
+	"encoding/hex"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	db_ "git.ekzyis.com/ekzyis/delphi.market/db"
+	"git.ekzyis.com/ekzyis/delphi.market/server/router/context"
+	"git.ekzyis.com/ekzyis/delphi.market/server/router/handler"
+	"git.ekzyis.com/ekzyis/delphi.market/test"
+	"github.com/decred/dcrd/dcrec/secp256k1/v4"
+	"github.com/labstack/echo/v4"
+	"github.com/stretchr/testify/assert"
+)
+
+func init() {
+	test.Init(&db)
+}
+
+func TestLogout(t *testing.T) {
+	var (
+		assert = assert.New(t)
+		e      *echo.Echo
+		c      echo.Context
+		sc     context.ServerContext
+		req    *http.Request
+		rec    *httptest.ResponseRecorder
+		pk     *secp256k1.PublicKey
+		s      *db_.Session
+		key    string
+		err    error
+	)
+	sc = context.ServerContext{Db: db}
+	e, req, rec = test.HTTPMocks("POST", "/logout", nil)
+
+	_, pk, err = test.GenerateKeyPair()
+	if !assert.NoErrorf(err, "error generating keypair") {
+		return
+	}
+	key = hex.EncodeToString(pk.SerializeCompressed())
+	err = sc.Db.CreateUser(&db_.User{Pubkey: key})
+	if !assert.NoErrorf(err, "error creating user") {
+		return
+	}
+	s = &db_.Session{Pubkey: key}
+	err = sc.Db.QueryRow("SELECT encode(gen_random_uuid()::text::bytea, 'base64')").Scan(&s.SessionId)
+	if !assert.NoErrorf(err, "error creating session id") {
+		return
+	}
+
+	// create session
+	err = sc.Db.CreateSession(s)
+	if !assert.NoErrorf(err, "error creating session") {
+		return
+	}
+
+	// session authentication via cookie
+	req.Header.Add("cookie", fmt.Sprintf("session=%s", s.SessionId))
+
+	c = e.NewContext(req, rec)
+	err = handler.HandleLogout(sc)(c)
+	assert.NoErrorf(err, "handler returned error")
+
+	// session must have been deleted
+	err = sc.Db.FetchSession(s)
+	assert.ErrorIsf(err, sql.ErrNoRows, "session not deleted")
+
+}
diff --git a/test/lnauth.go b/test/lnauth.go
index 0a54901..129a105 100644
--- a/test/lnauth.go
+++ b/test/lnauth.go
@@ -8,21 +8,28 @@ import (
 	"github.com/decred/dcrd/dcrec/secp256k1/v4"
 )
 
-func Sign(k1_ string) (string, string, error) {
+func GenerateKeyPair() (*secp256k1.PrivateKey, *secp256k1.PublicKey, error) {
 	var (
 		sk  *secp256k1.PrivateKey
+		err error
+	)
+	if sk, err = secp256k1.GeneratePrivateKey(); err != nil {
+		return nil, nil, err
+	}
+	return sk, sk.PubKey(), nil
+}
+
+func Sign(sk *secp256k1.PrivateKey, k1_ string) (string, error) {
+	var (
 		k1  []byte
 		sig []byte
 		err error
 	)
 	if k1, err = hex.DecodeString(k1_); err != nil {
-		return "", "", err
-	}
-	if sk, err = secp256k1.GeneratePrivateKey(); err != nil {
-		return "", "", err
+		return "", err
 	}
 	if sig, err = ecdsa.SignASN1(rand.Reader, sk.ToECDSA(), k1); err != nil {
-		return "", "", err
+		return "", err
 	}
-	return hex.EncodeToString(sk.PubKey().SerializeCompressed()), hex.EncodeToString(sig), nil
+	return hex.EncodeToString(sig), nil
 }