diff --git a/app.py b/app.py index d5b6e9f..713fbbf 100644 --- a/app.py +++ b/app.py @@ -25,7 +25,7 @@ class App: self.jwt_manager = JWTManager(self.app) self.app.config['JWT_TOKEN_LOCATION'] = ['cookies'] self.app.config['JWT_COOKIE_NAME'] = 'access_token_cookie' - + self.app.config['JWT_COOKIE_CSRF_PROTECT'] = False def register_blueprints(self): self.app.register_blueprint(userRoutes, url_prefix='/user') diff --git a/routes/eventRoutes.py b/routes/eventRoutes.py index 40b117d..2a6825a 100644 --- a/routes/eventRoutes.py +++ b/routes/eventRoutes.py @@ -1,6 +1,6 @@ from flask import Blueprint, jsonify, request from services.EventService import EventService -from middlewares import validate_event_post_request +from middlewares import validate_event_post_request, authenticate_user eventRoutes = Blueprint('eventRoutes', __name__) @@ -8,6 +8,7 @@ eventRoutes = Blueprint('eventRoutes', __name__) @eventRoutes.route('/', methods=['POST']) @eventRoutes.route('', methods=['POST']) @validate_event_post_request +@authenticate_user def create_event(): try: data = request.json @@ -22,6 +23,7 @@ def create_event(): # Get All Events @eventRoutes.route('/', methods=['GET']) @eventRoutes.route('', methods=['GET']) +@authenticate_user def get_events(): try: return {"events": EventService.get_all_events()}, 200 @@ -30,6 +32,7 @@ def get_events(): # Get Event by ID @eventRoutes.route('/', methods=['GET']) +@authenticate_user def get_event(event_id): try: return {"event": EventService.get_event_by_id(event_id)}, 200 @@ -39,6 +42,7 @@ def get_event(event_id): # Update Event @eventRoutes.route('/', methods=['PUT']) @validate_event_post_request +@authenticate_user def update_event(event_id): try: data = request.json @@ -52,6 +56,7 @@ def update_event(event_id): # DELETE Event @eventRoutes.route('/', methods=['DELETE']) +@authenticate_user def delete_event(event_id): try: deleted_event = EventService.delete_event(event_id) 
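Review bot: The added `self.app.config['JWT_COOKIE_CSRF_PROTECT'] = False` turns off flask-jwt-extended's double-submit CSRF check while `JWT_TOKEN_LOCATION` is `['cookies']`, so the browser attaches the token to cross-site requests and the POST, PUT and DELETE event routes that this commit puts behind `authenticate_user` have no CSRF defence visible in the diff. If `authenticate_user` builds on the extension's cookie verification (its body is not shown), I would drop this line and have the client send the CSRF token in the `X-CSRF-TOKEN` header. If the check has to stay off, pair it with `self.app.config['JWT_COOKIE_SAMESITE'] = 'Strict'` and `self.app.config['JWT_COOKIE_SECURE'] = True`, which take effect only when login sets the cookie through the extension's helpers, and add a comment saying why CSRF protection is disabled. The enclosing method starts above the hunk.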
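Review bot: On `create_event`, `@authenticate_user` is placed below `@validate_event_post_request`, so the validator is the outer wrapper and runs on the request body before the caller is authenticated; `update_event` in the `-39,6 +42,7` hunk has the same order. Swap the two so the auth check runs first: `@authenticate_user` directly under the route decorators, then `@validate_event_post_request`. That keeps unauthenticated callers from exercising the validation code and from learning the expected payload shape through its error responses. Both function bodies continue past their hunks, and neither decorator's implementation is visible in this diff.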
diff --git a/routes/userRoutes.py b/routes/userRoutes.py
index 3112394..ce1828f 100644
--- a/routes/userRoutes.py
+++ b/routes/userRoutes.py
@@ -44,3 +44,14 @@ def loginUser():
 return jsonify({'error': 'Invalid credentials'}), 400
 except Exception as e:
 return jsonify({'error': str(e)}), 500
+
+@userRoutes.route('/logout', methods=['POST'])
+@jwt_required(optional=True)
+def logoutUser():
+ try:
+ response = jsonify({'message': 'Logged out successfully'})
+ response.set_cookie('access_token_cookie', '', expires=0)
+ return response, 200
+ except Exception as e:
+ return jsonify({'error': str(e)}), 500
+
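Review bot: `logoutUser` clears the cookie by hand with `response.set_cookie('access_token_cookie', '', expires=0)`, which removes it only if the path and domain match those used at login (not visible here) and leaves any CSRF or refresh cookie in place; flask-jwt-extended's `unset_jwt_cookies(response)` clears them using the configured names and attributes. The JWT itself stays valid until it expires, so a copy of the token captured before logout would still authenticate unless a blocklist check is added. The `except` branch also returns `str(e)` to the client; log the exception server-side and return a fixed message such as `jsonify({'error': 'Logout failed'}), 500`.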