diff --git a/src/app.js b/src/app.js
index 611b281..641fbb5 100644
--- a/src/app.js
+++ b/src/app.js
@@ -89,18 +89,19 @@ app.use(
 app.use(flash());
 app.use(passport.initialize());
 app.use(passport.session());
+//changes
+const csrfProtection = csrf({ cookie: true });
+app.use(csrfProtection);
 
-app.get("/login", limiter, (req, res) => {
+app.get("/login", limiter, csrfProtection, (req, res) => {
 if (req.isAuthenticated()) {
 return res.redirect("/");
 } else {
- res.render("login", {
- messages: req.flash("error") /*csrfToken: req.csrfToken()*/,
- }); // Pass flash messages to the template
+ res.render("login", { messages: req.flash("error"), csrfToken: req.csrfToken() }); // Pass flash messages to the template
 }
 });
 
-app.post("/login", limiter, (req, res, next) => {
+app.post("/login", limiter, csrfProtection, (req, res, next) => {
 /*console.log(req.body, req.csrfToken())
 if (!req.body._csrf || req.body._csrf !== req.csrfToken()) {
 return res.status(403).send("CSRF token validation failed.");
@@ -122,12 +123,13 @@ app.post("/login", limiter, (req, res, next) => {
 })(req, res, next);
 });
 
-app.get("/logout", limiter, (req, res) => {
- req.logout((err) => {
+app.get('/logout', limiter, (req, res) => {
+ req.session.destroy(function (err) {
 if (err) {
 console.error("Error during logout:", err);
+ } else {
+ res.redirect('/login');
 }
- res.redirect("/login");
 });
 });
 
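Review bot: The CSRF secret cookie created by `csrf({ cookie: true })` is set with library defaults, so nothing in this hunk marks it `httpOnly`, `secure` or `sameSite`, and since `passport.session()` is already mounted a cookie-based secret is not needed at all — `const csrfProtection = csrf();` keeps the secret in the server-side session instead. If cookie storage is kept, use `csrf({ cookie: { httpOnly: true, sameSite: 'strict', secure: process.env.NODE_ENV === 'production' } })` and confirm that `cookie-parser` is mounted ahead of this line (it is not visible in the hunk). The global `app.use(csrfProtection)` already runs on every route, so the per-route `csrfProtection` arguments added to `/login` are redundant, and it also means any non-GET endpoint elsewhere in the file that is called without a form token (API or webhook routes, if there are any) will now be rejected. The `//changes` marker and the commented-out manual `_csrf` comparison left in the POST handler are leftovers and should be deleted rather than shipped as comments. If the `csrf` import is the `csurf` package, it is deprecated upstream; plan a move to a maintained replacement.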
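Review bot: The error branch of the new `req.session.destroy` callback logs and then never responds, so a failed destroy leaves the request hanging until the client times out; redirect in both cases: `if (err) { console.error("Error during logout:", err); } res.redirect('/login');`. Replacing `req.logout` with a raw `session.destroy` also skips Passport's own logout handling; if Passport 0.6+ is in use, `req.logout(cb)` clears the login state and regenerates the session, so calling it first and destroying the session inside its callback keeps the two consistent. Logout also remains a GET route with no `isAuthenticated` guard, and the newly added CSRF middleware does not check GET by default, so a cross-site link or image tag can still log users out; consider `app.post('/logout', ...)` protected by the token. Clearing the session cookie with `res.clearCookie(...)` after destroy would additionally avoid leaving a stale cookie in the browser.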
@@ -138,12 +140,11 @@ app.get("/", isAuthenticated, (req, res) => {
 
 app.get("/register", (req, res) => {
 if (req.isAuthenticated()) return res.redirect("/");
- res.render("register", {
- messages: req.flash("error") /*csrfToken: req.csrfToken()*/,
- });
+ console.log(req.csrfToken())
+ res.render("register", { messages: req.flash("error"), csrfToken: req.csrfToken() });
 });
 
-app.post("/register", limiter, async (req, res) => {
+app.post("/register", limiter, csrfProtection, async (req, res) => {
 /*if (!req.body._csrf || req.body._csrf !== req.csrfToken()) {
 return res.status(403).send("CSRF token validation failed.");
 }*/
@@ -175,7 +176,7 @@ app.post("/register", limiter, async (req, res) => {
 username: username,
 email: email,
 password: hashedPassword,
- fullName,
+ fullName
 // Additional user profile fields can be added here
 });
 
@@ -190,14 +191,11 @@ app.post("/register", limiter, async (req, res) => {
 }
 });
 
-app.get("/profile", limiter, isAuthenticated, async (req, res) => {
- res.render("profile", {
- user: req.user,
- messages: req.flash() /*csrfToken: req.csrfToken()*/,
- });
+app.get('/profile', isAuthenticated, async (req, res) => {
+ res.render('profile', { user: req.user, messages: req.flash(), csrfToken: req.csrfToken() });
 });
 
-app.post("/profile", limiter, isAuthenticated, async (req, res) => {
+app.post('/profile', limiter, isAuthenticated, csrfProtection, async (req, res) => {
 /*if (!req.body._csrf || req.body._csrf !== req.csrfToken()) {
 return res.status(403).send("CSRF token validation failed.");
 }*/
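Review bot: The added `console.log(req.csrfToken())` in the GET `/register` handler writes a live CSRF token to the server log on every page load; it looks like a debugging leftover and should be removed before merge, since anyone with log access could use the token to forge a registration for that visitor's session. The POST `/register` handler still carries the commented-out manual `_csrf` comparison even though `csrfProtection` now runs ahead of it in the route chain; that is dead code and should be deleted rather than kept as a comment.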
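Review bot: The rewritten GET `/profile` route silently drops the `limiter` middleware that the removed line carried, while POST `/profile` keeps it; unless that was intentional, restore it with `app.get('/profile', limiter, isAuthenticated, async (req, res) => {`. The POST handler keeps the commented-out manual `_csrf` check even though `csrfProtection` is now in the chain; delete the dead comment. As a matter of style, the new lines switch to single-quoted strings while the surrounding file uses double quotes, so keep one convention (a formatter pass would normalise it). The POST handler's body continues outside the hunk.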
@@ -230,19 +228,6 @@ app.post("/profile", limiter, isAuthenticated, async (req, res) => {
 // Handle the error, display an error message, or redirect to an error page
 return res.status(500).send("Error updating profile.");
 }
-
- // Update the user's profile fields
- user.fullName = fullName;
- user.avatarUrl = avatarUrl;
- user.bio = bio;
- user.location = location;
- user.website = website;
-
- // Save the updated user profile
- await user.save();
-
- // Redirect to the user's profile page or any other desired page
- return res.redirect("/profile");
 });
 
 app.use("/courses", limiter, isAuthenticated, async function (req, res) {
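Review bot: After this deletion the success path of POST `/profile` sends no response: the only exit still visible is the `return res.status(500)...` on the error branch, so a valid update neither persists (`await user.save()` is gone) nor replies, and the request hangs until the client times out. The handler's body starts outside this hunk, so if the save and redirect were moved earlier this is fine; otherwise at least `await user.save(); return res.redirect("/profile");` needs to come back. When the assignments are reinstated, `avatarUrl` and `website` (presumably taken from `req.body`) should be validated as `http`/`https` URLs before being stored, so a `javascript:` value cannot later be rendered as a link in the profile template.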