diff --git a/apiserver/schema/services/login.conf b/apiserver/schema/services/login.conf
index 77a3cbb..98ebaae 100644
--- a/apiserver/schema/services/login.conf
+++ b/apiserver/schema/services/login.conf
@@ -93,3 +93,19 @@ supported_modes {
 }
 }
 }
+
+logout {
+ authorize: false
+ allow_roles = [ "*" ]
+ "2.13" {
+ description: """ Logout (including SSO, if used)) """
+ request {
+ type: object
+ additionalProperties: false
+ }
+ response {
+ type: object
+ additionalProperties: false
+ }
+ }
+}
diff --git a/apiserver/services/auth.py b/apiserver/services/auth.py
index 7cd479a..23fb6f0 100644
--- a/apiserver/services/auth.py
+++ b/apiserver/services/auth.py
@@ -41,14 +41,12 @@ def login(call: APICall, *_, **__):
 )
 # Add authorization cookie
- call.result.cookies[
- config.get("apiserver.auth.session_auth_cookie_name")
- ] = call.result.data_model.token
+ call.result.set_auth_cookie(call.result.data_model.token)
 @endpoint("auth.logout", min_version="2.2")
 def logout(call: APICall, *_, **__):
- call.result.cookies[config.get("apiserver.auth.session_auth_cookie_name")] = None
+ call.result.set_auth_cookie(None)
 @endpoint(
diff --git a/apiserver/services/login/__init__.py b/apiserver/services/login/__init__.py
index 56d544c..5a45fd2 100644
--- a/apiserver/services/login/__init__.py
+++ b/apiserver/services/login/__init__.py
@@ -1,5 +1,3 @@
-from jsonmodels.fields import BoolField
-
 from apiserver.apimodels.login import (
 GetSupportedModesRequest,
 GetSupportedModesResponse,
@@ -35,3 +33,8 @@ def supported_modes(call: APICall, _, __: GetSupportedModesRequest):
 ),
 authenticated=call.auth is not None,
 )
+
+
+@endpoint("login.logout", min_version="2.13")
+def logout(call: APICall, _, __):
+ call.result.set_auth_cookie(None)
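Review bot: `authorize: false` together with `allow_roles = [ "*" ]` on the new `logout` block in apiserver/schema/services/login.conf makes a state-changing endpoint callable without a valid session, and the schema gives no reason for it. The handler added for it in apiserver/services/login/__init__.py only clears the session cookie, so today the exposure is an unsolicited sign-out, but anything added to that handler later inherits the missing authorization. I would either require authorization here or record the intent next to the flag, for example `# unauthenticated on purpose: a client with an expired token must still be able to clear its cookie` (if that is the reason). The description string also carries a stray parenthesis and should read `Logout (including SSO, if used)`.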
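Review bot: The `set_auth_cookie(None)` call in `logout` (apiserver/services/auth.py) clears the cookie in the response, but nothing visible in this hunk invalidates the token server-side, so a token copied before logout presumably stays usable until it expires; the same holds for the `login.logout` handler added in apiserver/services/login/__init__.py. If that is accepted behaviour, a comment in `logout` would make it explicit: `# None clears the session cookie only; the token itself is not revoked here`. `set_auth_cookie` is not defined in this diff, so it should be confirmed that it deletes the cookie with the same name, path and domain used when setting it, and that it sets `Secure`, `HttpOnly` and a `SameSite` value. The body of `login` starts outside the hunk.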
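Review bot: The new `logout` handler in apiserver/services/login/__init__.py does less than its schema description states: it only calls `call.result.set_auth_cookie(None)`, while login.conf describes the endpoint as a logout "including SSO, if used", and no SSO step is visible in this hunk. If SSO sign-out is performed elsewhere, a docstring should say so, e.g. `"""Clear the session cookie; SSO sign-out is not performed here."""`; otherwise the identity-provider session survives and the user may be signed straight back in. The body is also identical to `auth.logout` in apiserver/services/auth.py, so one of the two could delegate to the other to keep them from drifting apart.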