diff --git a/index.js b/index.js
index 066060cde12c0df6973117d40a976e0cab951b58..b6be466f1a06db7e2de8c36bc97fee93ea0e504c 100644
--- a/index.js
+++ b/index.js
@@ -104,17 +104,20 @@ app.post('/signup', (req, res) => {
 app.post('/login', (req, res) => {
   if (!req.body.username || !req.body.password) {
     return res.redirect('/signup');
+  } else if (req.session.user) {
+    error(req, res, 'User already logged in', 'You must logout before log in.')
+  } else {
+    User.findOne({ username: req.body.username }, (err, user) => {
+      err ? error(req, res, 'Error fetching user', err) : null;
+      if (bcrypt.compareSync(req.body.password, user.passwordHash)) {
+        req.session.user = user;
+        return res.redirect(req.query.nextUrl || '/');
+      } else {
+        error(req, res, 'Bad credentials')
+        return res.redirect('/signup');
+      }
+    });
   }
-  User.findOne({ username: req.body.username }, (err, user) => {
-    err ? error(req, res, 'Error fetching user', err) : null;
-    if (bcrypt.compareSync(req.body.password, user.passwordHash)) {
-      req.session.user = user;
-      return res.redirect(req.query.nextUrl || '/');
-    } else {
-      error(req, res, 'Bad credentials')
-      return res.redirect('/signup');
-    }
-  });
 });
 app.post('/logout', (req, res) => {
   req.session.destroy();
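Review bot: Inside the `User.findOne` callback, execution still reaches `bcrypt.compareSync(req.body.password, user.passwordHash)` after a lookup error or when no record matches, so an unknown username (presumably a null `user`, as in Mongoose-style `findOne`) throws on `user.passwordHash` instead of taking the 'Bad credentials' path. Return on error and fold the missing-user case into the failure branch: `if (err) return error(req, res, 'Error fetching user', err);` followed by `if (!user || !bcrypt.compareSync(req.body.password, user.passwordHash)) {`. The success branch also hands `req.query.nextUrl` to `res.redirect` unchecked, so a login link can carry an off-site destination; limit it to local paths, for example `const next = typeof req.query.nextUrl === 'string' && /^\/(?![\/\\])/.test(req.query.nextUrl) ? req.query.nextUrl : '/';`. In addition, `req.session.user = user` keeps the pre-login session id and stores the whole record, `passwordHash` included, so regenerating the session on login and storing only the user id would be safer. Whether `error()` sends a response itself is not visible in this hunk; if it does, the 'Bad credentials' branch responds twice, and if it does not, the new 'User already logged in' branch never responds.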