diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 78d1c52..1fff20c 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -18,7 +18,7 @@ class SessionsController < ApplicationController
 end
 def destroy
- log_out
+ log_out if logged_in?
 redirect_to root_url
 end
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index cecb0dd..2e83727 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -38,6 +38,7 @@ class User < ApplicationRecord
 end
 def authenticated?(remember_token)
+ return false if remember_digest.nil?
 BCrypt::Password.new(remember_digest).is_password?(remember_token)
 end
diff --git a/test/integration/users_login_test.rb b/test/integration/users_login_test.rb
index 6d8176d..818f3e5 100644
--- a/test/integration/users_login_test.rb
+++ b/test/integration/users_login_test.rb
@@ -43,6 +43,8 @@ class UsersLoginTest < ActionDispatch::IntegrationTest
 delete logout_path
 assert_not is_logged_in?
 assert_redirected_to root_url
+ # 模拟在另一个浏览器中登出
+ delete logout_path
 follow_redirect!
 # assert_select "a[href=?]", login_path
 assert_select "a[href=?]", logout_path, count: 0
diff --git a/test/models/user_test.rb b/test/models/user_test.rb
index e1aee96..54014d5 100644
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
@@ -73,4 +73,8 @@ class UserTest < ActiveSupport::TestCase
 @user.password = @user.password_confirmation = " " * 5
 assert_not @user.valid?
 end
+
+ test "authenticated? should return false for a user with nil digest" do
+ assert_not @user.authenticated?('')
+ end
 end
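Review bot: In `destroy`, the new guard skips `log_out` entirely when `logged_in?` is false, so whatever cleanup `log_out` performs (its body is not in this diff) never runs for a browser that still holds stale remember cookies after a logout elsewhere. If `log_out` is where the persistent cookies are deleted, consider clearing them unconditionally and guarding only the part that needs a current user. At minimum, a comment such as `# A second window or browser may send DELETE after the user is already logged out` would record why the guard exists. The class body starts outside the hunk.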
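Review bot: The guard added to `authenticated?` covers only `nil`; an empty or otherwise malformed `remember_digest` still reaches `BCrypt::Password.new`, which raises `BCrypt::Errors::InvalidHash` instead of returning false. Because this method decides whether a remember token is accepted, it should fail closed on any unusable digest, starting with `return false if remember_digest.blank?`. A one-line comment saying that a nil digest means the persistent session was already forgotten would also help. The new model test in test/models/user_test.rb exercises only the nil case.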
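Review bot: The added comment says the second `delete logout_path` simulates a logout from another browser, but the request is sent from the same integration session, which the first logout has presumably already cleared. It therefore exercises the `logged_in?` guard in the controller rather than a second browser that still holds a remember cookie. I would reword it to `# Simulate a second logout from a window whose session is already gone` and add `assert_not is_logged_in?` after the second request so the step asserts something itself. The test method starts above the hunk.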