diff --git a/controllers/Auth.php b/controllers/Auth.php
index 50e2dc8..d6e0b85 100644
--- a/controllers/Auth.php
+++ b/controllers/Auth.php
@@ -13,6 +13,17 @@ class Auth {
     return $response;
   }
 
+  public function logout(Request $request, Response $response) {
+    session_start();
+    if(array_key_exists('user_id', $_SESSION)) {
+      $_SESSION['user_id'] = null;
+      session_destroy();
+    }
+    $response->setStatusCode(302);
+    $response->headers->set('Location', '/login');
+    return $response;
+  }
+
   public function login_start(Request $request, Response $response) {
 
     if(!$request->get('url') || !($me = IndieAuth\Client::normalizeMeURL($request->get('url')))) {
@@ -102,9 +113,35 @@ class Auth {
     }
 
     // Create or load the user
+    $user = ORM::for_table('users')->where('url', $token['auth']['me'])->find_one();
+    if(!$user) {
+      $user = ORM::for_table('users')->create();
+      $user->url = $token['auth']['me'];
+      $user->created_at = date('Y-m-d H:i:s');
+      $user->last_login = date('Y-m-d H:i:s');
+      $user->save();
+
+      // Create a site for them with the default role
+      $site = ORM::for_table('sites')->create();
+      $site->name = 'My Website';
+      $site->created_by = $user->id;
+      $site->created_at = date('Y-m-d H:i:s');
+      $site->save();
+
+      $role = ORM::for_table('roles')->create();
+      $role->site_id = $site->id;
+      $role->user_id = $user->id;
+      $role->role = 'owner';
+      $role->token = random_string(32);
+      $role->save();
+
+    } else {
+      $user->last_login = date('Y-m-d H:i:s');
+      $user->save();
+    }
 
     session_start();
-    $_SESSION['me'] = $token['auth']['me'];
+    $_SESSION['user_id'] = $user->id;
     $response->setStatusCode(302);
     $response->headers->set('Location', ($state->return_to ?: '/dashboard'));
     return $response;
diff --git a/controllers/Controller.php b/controllers/Controller.php
index 7f99b06..1ca2f7c 100644
--- a/controllers/Controller.php
+++ b/controllers/Controller.php
@@ -6,7 +6,7 @@ class Controller {
 
   private function _is_logged_in(&$request, &$response) {
     session_start();
-    if(!array_key_exists('me', $_SESSION)) {
+    if(!array_key_exists('user_id', $_SESSION)) {
       session_destroy();
       $response->setStatusCode(302);
       $response->headers->set('Location', '/login?return_to='.$request->getPathInfo());
diff --git a/lib/helpers.php b/lib/helpers.php
index b22e412..994d861 100644
--- a/lib/helpers.php
+++ b/lib/helpers.php
@@ -24,3 +24,13 @@ function q() {
   }
   return $caterpillar;
 }
+
+function random_string($len) {
+  $charset='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+  $str = '';
+  $c = strlen($charset)-1;
+  for($i=0; $i<$len; $i++) {
+    $str .= $charset[mt_rand(0, $c)];
+  }
+  return $str;
+}
diff --git a/public/index.php b/public/index.php
index fc810dd..bfb8af2 100644
--- a/public/index.php
+++ b/public/index.php
@@ -15,6 +15,7 @@ $router->addRoute('POST', '/webmention', 'API::webmention');
 $router->addRoute('GET', '/webmention/{code}', 'API::webmention_status');
 
 $router->addRoute('GET', '/login', 'Auth::login');
+$router->addRoute('GET', '/logout', 'Auth::logout');
 $router->addRoute('POST', '/login/start', 'Auth::login_start');
 $router->addRoute('GET', '/login/callback', 'Auth::login_callback');