diff --git a/bubble-server/src/main/java/bubble/resources/account/AuthResource.java b/bubble-server/src/main/java/bubble/resources/account/AuthResource.java
index 17f07802..86982e76 100644
--- a/bubble-server/src/main/java/bubble/resources/account/AuthResource.java
+++ b/bubble-server/src/main/java/bubble/resources/account/AuthResource.java
@@ -567,12 +567,16 @@ public class AuthResource {
 @POST
 @Path(EP_LOGOUT+"/{id}")
 public Response logoutUserEverywhere(@Context ContainerRequest ctx, @PathParam("id") String id) {
- final Account account = optionalUserPrincipal(ctx);
- if (account == null) return invalid("err.logout.noSession");
- if (!account.admin()) return forbidden();
+ final Account caller = optionalUserPrincipal(ctx);
+ if (caller == null) return invalid("err.logout.noSession");
 final Account target = accountDAO.findById(id);
- if (target == null) return notFound(id);
- sessionDAO.invalidateAllSessions(id);
+ if (target == null) {
+ if (caller.admin()) return notFound(id);
+ return forbidden();
+ } else if (!target.getUuid().equals(caller.getUuid())) {
+ return forbidden();
+ }
+ sessionDAO.invalidateAllSessions(target.getUuid());
 return ok_empty();
 }
diff --git a/bubble-server/src/test/resources/models/tests/auth/account_registration.json b/bubble-server/src/test/resources/models/tests/auth/account_registration.json
index 16752110..d0d278c7 100644
--- a/bubble-server/src/test/resources/models/tests/auth/account_registration.json
+++ b/bubble-server/src/test/resources/models/tests/auth/account_registration.json
@@ -126,7 +126,7 @@
 "session": "user1session",
 "uri": "me/networks/{{networks.[0].uuid}}/tags"
 },
- "response": { "status": 403 }
+ "response": { "status": 401 }
 },
 {
diff --git a/bubble-server/src/test/resources/models/tests/auth/basic_auth.json b/bubble-server/src/test/resources/models/tests/auth/basic_auth.json
index c0b5259e..a61b7901 100644
--- a/bubble-server/src/test/resources/models/tests/auth/basic_auth.json
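Review bot: On the new side of the AuthResource hunk the `else if (!target.getUuid().equals(caller.getUuid()))` guard is applied to admins as well, so an admin calling this endpoint with another existing user's id now gets `forbidden()`, while the `target == null` branch still returns `notFound(id)` to admins as if they were allowed to target other accounts — the admin path is either a regression from the removed admin-only check or an inconsistent 404/403 pair. If the intent is "self or admin", the guard should read `} else if (!caller.admin() && !target.getUuid().equals(caller.getUuid())) {`; if admins are meant to be restricted to themselves too, the `caller.admin()` special case in the null branch should go so the response does not depend on account existence. Note also that a missing principal returns `invalid("err.logout.noSession")` here while the JSON changes in this commit move the other session-less responses from 403 to 401, so this endpoint is presumably now inconsistent with the rest. A test covering self, admin-on-other and non-admin-on-other would pin whichever semantics are intended, since none of the test changes here exercise this method. The enclosing class `AuthResource` continues outside the hunk.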
+++ b/bubble-server/src/test/resources/models/tests/auth/basic_auth.json
@@ -51,7 +51,7 @@
 {
 "comment": "verify cannot read self after logout",
 "request": { "uri": "me" },
- "response": { "status": 403 }
+ "response": { "status": 401 }
 }
 ]
\ No newline at end of file
diff --git a/bubble-server/src/test/resources/models/tests/auth/change_admin_password.json b/bubble-server/src/test/resources/models/tests/auth/change_admin_password.json
index 6e3695d4..e25171f8 100644
--- a/bubble-server/src/test/resources/models/tests/auth/change_admin_password.json
+++ b/bubble-server/src/test/resources/models/tests/auth/change_admin_password.json
@@ -104,7 +104,7 @@
 "uri": "me",
 "session": "rootSession"
 },
- "response": { "status": 403 }
+ "response": { "status": 401 }
 },
 {
diff --git a/bubble-server/src/test/resources/models/tests/auth/change_password.json b/bubble-server/src/test/resources/models/tests/auth/change_password.json
index 8043cdd2..9960f55b 100644
--- a/bubble-server/src/test/resources/models/tests/auth/change_password.json
+++ b/bubble-server/src/test/resources/models/tests/auth/change_password.json
@@ -189,7 +189,7 @@
 "uri": "me"
 },
 "response": {
- "status": 403
+ "status": 401
 }
 },
diff --git a/utils/cobbzilla-wizard b/utils/cobbzilla-wizard
index 1b2c4ade..0c698bab 160000
--- a/utils/cobbzilla-wizard
+++ b/utils/cobbzilla-wizard
@@ -1 +1 @@
-Subproject commit 1b2c4adef489e38bb3e488bf995db79d50fea138
+Subproject commit 0c698babbbffdbc4be53bc844ceec64fc6f2a981