@Mittineague (I assume, without the book, that) it’s more that the lesson is about logging people out, not securing the other pages against non-logged-in people. There are no controls (at this point in the book) on add/edit/delete jokes to ensure a user is logged in.
It’s a logical concern, but not the point of the lesson. I assume that @TomB goes on from this lesson to explain what you should DO when someone is not logged in and attempts to access the functions that only logged in people are meant to access.
I’ll also be honest and trying to find anything in this design paradigm is confusing me to the ends of the earth and very difficult to follow the flow, so perhaps i’m mistaken.