diff --git a/include/client/header.inc.php b/include/client/header.inc.php
index da763a7bbf7b1e5b9481b8d26a0dfca2c79a9997..2e9906b0b1ed9f5f5ea16da2f11908746d043d70 100644
--- a/include/client/header.inc.php
+++ b/include/client/header.inc.php
@@ -30,7 +30,7 @@ header("Content-Type: text/html; charset=UTF-8\r\n");
                 <a href="<?php echo ROOT_PATH; ?>tickets.php">My Tickets <b>(<?php echo $thisclient->getNumTickets(); ?>)</b></a> -
                 <?php
                 } ?>
-                <a href="<?php echo ROOT_PATH; ?>logout.php">Log Out</a>
+                <a href="<?php echo ROOT_PATH; ?>logout.php?auth=<?php echo $ost->getLinkToken(); ?>">Log Out</a>
              <?php
              }elseif($nav){ ?>
                  Guest User - <a href="<?php echo ROOT_PATH; ?>login.php">Log In</a>
diff --git a/include/staff/header.inc.php b/include/staff/header.inc.php
index 8475f328606a9e70892a97daef6ebb0e96aa7352..e17f5355894da0135248c76af23c42fb3cbfeead 100644
--- a/include/staff/header.inc.php
+++ b/include/staff/header.inc.php
@@ -49,7 +49,7 @@
             | <a href="index.php">Staff Panel</a>
             <?php } ?>
             | <a href="profile.php">My Preferences</a>
-            | <a href="logout.php?auth=<?php echo md5($ost->getCSRFToken().SECRET_SALT.session_id()); ?>">Log Out</a>
+            | <a href="logout.php?auth=<?php echo $ost->getLinkToken(); ?>">Log Out</a>
         </p>
     </div>
     <ul id="nav">
diff --git a/logout.php b/logout.php
index 72c3560ecc7f540febb1ea0032c9b6cd39e2d3d6..d5fcd7ba8ce085398c6b05ad30395377b868b87f 100644
--- a/logout.php
+++ b/logout.php
@@ -15,7 +15,10 @@
 **********************************************************************/
 
 require('client.inc.php');
-//We are checking to make sure the user is logged in before a logout to avoid session reset tricks on excess logins
+//Check token: Make sure the user actually clicked on the link to logout.
+if(!$_GET['auth'] || !$ost->validateLinkToken($_GET['auth']))
+   @header('Location: index.php');
+
 $_SESSION['_client']=array();
 session_unset();
 session_destroy();
diff --git a/scp/logout.php b/scp/logout.php
index 8f3b980d5e86f65d2569ade250f3437b38c072bf..25b761a19cde8134a7ea7d10360befb65fbbb2d7 100644
--- a/scp/logout.php
+++ b/scp/logout.php
@@ -15,9 +15,9 @@
     vim: expandtab sw=4 ts=4 sts=4:
 **********************************************************************/
 require('staff.inc.php');
-//CSRF Check: Make sure the user actually clicked on the link to logout.
-if(!$_GET['auth'] || $_GET['auth']!=md5($ost->getCSRFToken().SECRET_SALT.session_id()))
-   @header('Location: index.php');
+//Check token: Make sure the user actually clicked on the link to logout.
+if(!$_GET['auth'] || !$ost->validateLinkToken($_GET['auth']))
+    @header('Location: index.php');
 
 $ost->logDebug('Staff logout',
         sprintf("%s logged out [%s]",