diff --git a/backend/app.py b/backend/app.py
index b4b06a0..92afd4e 100644
--- a/backend/app.py
+++ b/backend/app.py
@@ -14,6 +14,8 @@ from utils.utils import random_string_generator, hash_string
 from blueprints.profile import profile as profileBlueprint
+from blueprints.session import session as sessionBlueprint
+
 app = Flask(__name__)
 # Set configuration directly on the app instance
 app.config['ALLOWED_EXTENSIONS'] = {'png', 'jpg', 'jpeg', 'gif'}
@@ -23,6 +25,7 @@ app.config["SQLALCHEMY_DATABASE_URI"] = DB_URI
 db.init_app(app)
 app.register_blueprint(profileBlueprint, url_prefix='/api/profile')
+app.register_blueprint(sessionBlueprint,url_prefix='/api/session')
 @app.route('/', methods=['GET', 'POST'])
diff --git a/backend/blueprints/session/__init__.py b/backend/blueprints/session/__init__.py
index e69de29..068f65b 100644
--- a/backend/blueprints/session/__init__.py
+++ b/backend/blueprints/session/__init__.py
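Review bot: The new registration line `app.register_blueprint(sessionBlueprint,url_prefix='/api/session')` drops the space after the comma that the `profileBlueprint` registration directly above it uses; write it `app.register_blueprint(sessionBlueprint, url_prefix='/api/session')` so the two registrations read alike. The first hunk of this file only adds the matching import and needs nothing further.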
@@ -0,0 +1,69 @@
+from email.policy import default
+from flask import Blueprint, request, jsonify, current_app, g
+from werkzeug.utils import secure_filename
+from datetime import datetime
+from utils.auth import auth_required, requires_role
+from db.model import db
+from db.model import User, Session, UserRole # Adjust based on your model's location
+# from constants import UserRole
+from werkzeug.security import generate_password_hash,check_password_hash
+import uuid
+import os
+from config import *
+from utils.utils import password_check_sanity,is_valid_email,InsecurePasswordException
+from sqlalchemy.exc import IntegrityError
+
+session = Blueprint('session', __name__)
+
+@session.route('/create', methods=['POST'])
+def login():
+ """
+ Handle user login.
+ """
+ data = request.form # Expecting JSON body
+
+ # Extract credentials from request
+ # username = data.get('username')
+ email = data.get('email')
+ password = data.get('password')
+ user_agent = request.headers.get('User-Agent', 'Unknown')
+
+ # Validate required fields
+ if not email or not password:
+ return jsonify({"error": "email and password are required"}), 400
+
+ # Find the user by username
+ # user = User.query.filter_by(username=username).first()
+ user = User.query.filter_by(email=email).first()
+
+ if not user:
+ return jsonify({"error": "Invalid email or password"}), 401
+
+ # Verify the password
+ if not check_password_hash(user.hash_password, password):
+ return jsonify({"error": "Invalid email or password"}), 401
+
+ # Create a new session
+ session_key = str(uuid.uuid4()) # Generate a unique session key
+ new_session = Session(
+ userID=user.id,
+ user=user, # Pass the user object here
+ key=session_key,
+ ua=user_agent,
+ creationDate=datetime.utcnow(),
+ lastUsed=datetime.utcnow(),
+ isValid=True
+ )
+
+
+ try:
+ db.session.add(new_session)
+ db.session.commit()
+ return jsonify({
+ "message": "Login successful",
+ "session_key": session_key,
+ "user_id": str(user.id)
+ }), 200
+ except Exception as e:
+ db.session.rollback()
+ return jsonify({"error": "Login failed, please try again later."}), 500
\ No newline at end of file
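Review bot: The `if not user:` branch returns before `check_password_hash` runs, so a request for an unknown email is answered measurably faster than one for a known email with a wrong password, and the two 401 cases can be told apart by response time even though the message is identical; running the hash check against a module-level dummy hash when no user matches keeps both paths on the same cost, as sketched below. The `except Exception as e:` handler discards `e` and returns a bare 500, so database failures leave no trace — log before returning, e.g. `current_app.logger.exception("session creation failed")`, since `current_app` is already imported. `from config import *` plus the unused names (`default`, `secure_filename`, `os`, `auth_required`, `requires_role`, `UserRole`, `password_check_sanity`, `is_valid_email`, `InsecurePasswordException`, `IntegrityError`, `g`) hide what this module actually depends on; trim them. The comment `# Expecting JSON body` contradicts `request.form` on the same line, and the two separate `datetime.utcnow()` calls give `creationDate` and `lastUsed` slightly different values — take one timestamp (`now = datetime.now(timezone.utc)` if the `Session` columns accept aware values, which the model is not visible here to confirm) and pass it to both.
```python
# Hashed once at import so the unknown-email path costs the same as a real
# hash comparison; the value itself is never honoured as a credential.
_DUMMY_HASH = generate_password_hash(str(uuid.uuid4()))

# … unchanged: blueprint definition, route decorator, field validation …

    user = User.query.filter_by(email=email).first()
    # Always run the hash check so unknown-email and wrong-password take
    # comparable time; the result only counts when a user was found.
    stored_hash = user.hash_password if user is not None else _DUMMY_HASH
    password_ok = check_password_hash(stored_hash, password)
    if user is None or not password_ok:
        return jsonify({"error": "Invalid email or password"}), 401

    # … unchanged: session creation, commit and error handling …
```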