diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index aa84b64..7b05e78 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -6,7 +6,7 @@ class SessionsController < ApplicationController
 user = User.find_by(name: params[:session][:name])
 if user
 log_in user
- redirect_to user
+ redirect_back_or user
 else
 #flash.now[:danger] = 'Invalid username'
 render 'new'
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index bd918d8..024648a 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1,5 +1,10 @@
 class UsersController < ApplicationController
- before_action :logged_in_user, only: [:edit, :update, :show]
+ before_action :logged_in_user, only: [ :index, :edit, :update, :show]
+ before_action :correct_user, only: [:edit, :update]
+
+ def index
+ @users = User.all
+ end
 def new
@@ -47,9 +52,16 @@ class UsersController < ApplicationController
 # Confirms a logged-in user.
 def logged_in_user
 unless logged_in?
+ store_location
 flash[:danger] = "Please log in."
 redirect_to login_url
 end
 end
+ # Confirms the correct user.
+ def correct_user
+ @user = User.find(params[:id])
+ redirect_to(root_url) unless current_user?(@user)
+ end
+
 end
diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb
index 7df2d99..1c1b45d 100644
--- a/app/helpers/sessions_helper.rb
+++ b/app/helpers/sessions_helper.rb
@@ -16,5 +16,21 @@ module SessionsHelper
 session.delete(:user_id)
 @current_user = nil
 end
+
+ # Redirects to stored location (or to the default).
+ def redirect_back_or(default)
+ redirect_to(session[:forwarding_url] || default)
+ session.delete(:forwarding_url)
+ end
+
+ # Stores the URL trying to be accessed.
+ def store_location
+ session[:forwarding_url] = request.url if request.get?
+ end
+
+
+ def current_user?(user)
+ user == current_user
+ end
 end
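Review bot: The `only:` list on the new `before_action :logged_in_user` line has a stray space after the opening bracket, and both filter lines read more consistently as symbol-array literals: `before_action :logged_in_user, only: %i[index edit update show]` and `before_action :correct_user, only: %i[edit update]`. The filters run in declaration order, so `correct_user` is reached only by requests that already passed `logged_in_user`; that dependency deserves a trailing comment on the second line, `# runs after logged_in_user`. The new `index` action loads every row with `User.all`, which is fine for a small table but is the kind of unbounded query that grows quietly, so a note such as `# TODO: paginate once the user list grows` records the intent.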
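Review bot: `correct_user` redirects silently when the caller is not the addressed user, whereas the sibling `logged_in_user` sets `flash[:danger]` before redirecting; a mismatched id is an authorization failure and should be at least as visible, e.g. `flash[:danger] = "You can only edit your own profile."` before `redirect_to(root_url)`, and a log line if the app records authorization failures for detection. The comment `# Confirms the correct user.` could say what the filter actually does: `# Authorization filter for edit/update: loads params[:id] into @user and sends anyone other than that user to root.` It is also worth stating in that comment that `User.find` raises `ActiveRecord::RecordNotFound` for an unknown id, so an unknown user produces a 404 rather than the redirect. The enclosing class body, including whatever visibility section these filters sit in, continues above the hunk.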
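Review bot: `current_user?(user)` returns true for `current_user?(nil)` whenever nobody is logged in, because `nil == nil`; `correct_user` is safe today only because `User.find` raises instead of returning nil, and the helper should not depend on that, so `user && user == current_user` (or `!user.nil? && user == current_user`) is the safer body. It is also the only new method without a comment and is preceded by two blank lines; `# Returns true if the given user is the current user.` matches the style of its siblings. In `redirect_back_or`, the stored value comes from `request.url`, which is built from the Host header; if this Rails version supports it, passing `allow_other_host: false` to `redirect_to` (or relying on a configured `config.hosts` list) keeps a spoofed host stored in the session from becoming an off-site redirect — hedged, since the Rails version is not visible here. `store_location` keeps the full URL including the query string in the session, which is acceptable as long as no protected GET route carries secrets in its query parameters.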
diff --git a/app/views/layouts/_header.html.erb b/app/views/layouts/_header.html.erb index c25f671..dd62504 100644 --- a/app/views/layouts/_header.html.erb +++ b/app/views/layouts/_header.html.erb @@ -9,6 +9,7 @@ <% if logged_in? %> +
  • <%= link_to "Users", users_path %>