diff --git a/backend/blueprints/profile/__init__.py b/backend/blueprints/profile/__init__.py
index edc594a..9907f79 100644
--- a/backend/blueprints/profile/__init__.py
+++ b/backend/blueprints/profile/__init__.py
@@ -3,8 +3,8 @@ from flask import Blueprint, request, jsonify, current_app
 from werkzeug.utils import secure_filename
 from datetime import datetime
 from db.model import db
-from db.model import User, UserRole # Adjust based on your model's location
-from werkzeug.security import generate_password_hash
+from db.model import User, UserRole, Session # Adjust based on your model's location
+from werkzeug.security import generate_password_hash,check_password_hash
 import uuid
 import os
 from config import *
@@ -98,3 +98,55 @@ def register():
 except Exception as e:
 db.session.rollback()
 return jsonify({"error": "Registration failed, please try again later."}), 500
+
+
+@profile.route('/login', methods=['POST'])
+def login():
+ """
+ Handle user login.
+ """
+ data = request.json # Expecting JSON body
+
+ # Extract credentials from request
+ username = data.get('username')
+ password = data.get('password')
+ user_agent = request.headers.get('User-Agent', 'Unknown')
+
+ # Validate required fields
+ if not username or not password:
+ return jsonify({"error": "Username and password are required"}), 400
+
+ # Find the user by username
+ user = User.query.filter_by(username=username).first()
+
+ if not user:
+ return jsonify({"error": "Invalid username or password"}), 401
+
+ # Verify the password
+ if not check_password_hash(user.hash_password, password):
+ return jsonify({"error": "Invalid username or password"}), 401
+
+ # Create a new session
+ session_key = str(uuid.uuid4()) # Generate a unique session key
+ new_session = Session(
+ userID=user.id,
+ user=user, # Pass the user object here
+ key=session_key,
+ ua=user_agent,
+ creationDate=datetime.utcnow(),
+ lastUsed=datetime.utcnow(),
+ isValid=True
+ )
+
+
+ try:
+ db.session.add(new_session)
+ db.session.commit()
+ return jsonify({
+ "message": "Login successful",
+ "session_key": session_key,
+ "user_id": str(user.id)
+ }), 200
+ except Exception as e:
+ db.session.rollback()
+ return jsonify({"error": "Login failed, please try again later."}), 500
\ No newline at end of file
diff --git a/backend/blueprints/session/__init__.py b/backend/blueprints/session/__init__.py
new file mode 100644
index 0000000..e69de29
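Review bot: The early return on `if not user:` in `login()` skips `check_password_hash`, so a request for an unknown username completes without the password-hash work that a known username with a wrong password incurs, and the identical 401 text no longer hides which usernames exist. Verify against a fixed dummy hash when no user is found, e.g. `stored = user.hash_password if user else DUMMY_HASH` followed by `if not check_password_hash(stored, password) or not user:`, where `DUMMY_HASH` is a placeholder name for a module-level `generate_password_hash(...)` of a random value. The session key is a bearer credential, so it is better drawn from the `secrets` module (`session_key = secrets.token_urlsafe(32)`) than from `str(uuid.uuid4())`, since UUIDs are specified as identifiers rather than as secrets. Separately, `data = request.json` can yield `None` or a non-dict value, in which case `data.get` raises before any validation runs; `request.get_json(silent=True) or {}` plus a string type check on both fields would route that to the 400 path. No throttling of failed attempts is visible in this hunk; if none exists elsewhere, this endpoint needs it.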