diff --git a/src/at/nanopenguin/mtcg/application/SessionHandler.java b/src/at/nanopenguin/mtcg/application/SessionHandler.java
new file mode 100644
index 0000000..33c9309
--- /dev/null
+++ b/src/at/nanopenguin/mtcg/application/SessionHandler.java
@@ -0,0 +1,52 @@
+package at.nanopenguin.mtcg.application;
+
+import at.nanopenguin.mtcg.application.service.schemas.UserCredentials;
+import at.nanopenguin.mtcg.db.DbQuery;
+import at.nanopenguin.mtcg.db.SqlCommand;
+import at.nanopenguin.mtcg.db.Table;
+import lombok.val;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+
+public final class SessionHandler {
+     private static SessionHandler INSTANCE;
+     private final Map<UUID, Integer> Sessions = new HashMap<>();
+
+     private SessionHandler() {
+
+     }
+
+     public static SessionHandler getInstance() {
+        if (INSTANCE == null) {
+            INSTANCE = new SessionHandler();
+        }
+
+        return INSTANCE;
+     }
+
+     public UUID login(UserCredentials userCredentials) throws SQLException {
+         val result = DbQuery.builder()
+                 .command(SqlCommand.SELECT)
+                 .table(Table.USERS)
+                 .column("id")
+                 .column("password")
+                 .condition("username", userCredentials.username())
+                 .executeQuery();
+         if (result.isEmpty()) {
+             // user not found
+             return null;
+         }
+         if (!result.get(0).get("password").equals(userCredentials.password())) {
+             // wrong password
+             return null;
+         }
+
+         UUID uuid = UUID.randomUUID();
+         this.Sessions.put(uuid, (Integer) result.get(0).get("id"));
+         return uuid;
+     }
+}
diff --git a/src/at/nanopenguin/mtcg/application/service/UserService.java b/src/at/nanopenguin/mtcg/application/service/UserService.java
index 3696938..89df042 100644
--- a/src/at/nanopenguin/mtcg/application/service/UserService.java
+++ b/src/at/nanopenguin/mtcg/application/service/UserService.java
@@ -1,5 +1,6 @@
 package at.nanopenguin.mtcg.application.service;
 
+import at.nanopenguin.mtcg.application.SessionHandler;
 import at.nanopenguin.mtcg.application.User;
 import at.nanopenguin.mtcg.application.service.schemas.UserCredentials;
 import at.nanopenguin.mtcg.http.HttpMethod;
@@ -10,6 +11,7 @@ import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 import java.sql.SQLException;
+import java.util.UUID;
 
 public class UserService implements Service {
 
@@ -17,14 +19,17 @@ public class UserService implements Service {
     public Response handleRequest(HttpRequest request) throws JsonProcessingException {
         try {
             if (request.getPath().split("/")[1].equals("sessions") && request.getMethod() == HttpMethod.POST) {
-                // response = login()
-                return new Response(HttpStatus.NOT_IMPLEMENTED); // new ObjectMapper().readValue(request.getBody(), UserCredentials.class);
+                // login
+                UUID uuid = SessionHandler.getInstance().login(new ObjectMapper().readValue(request.getBody(), UserCredentials.class));
+                return uuid != null ?
+                        new Response(HttpStatus.OK, "application/json", uuid.toString()) :
+                        new Response(HttpStatus.UNAUTHORIZED);
             }
 
             if (request.getPath().split("/")[1].equals("users")) {
                 return switch (request.getMethod()) {
                     case GET -> new Response(HttpStatus.NOT_IMPLEMENTED);
-                    case POST -> {
+                    case POST -> { // register new user
                         int success = User.create(new ObjectMapper().readValue(request.getBody(), UserCredentials.class));
                         yield new Response(success > 0 ? HttpStatus.CREATED : HttpStatus.CONFLICT);
                     }
diff --git a/src/at/nanopenguin/mtcg/db/DbQuery.java b/src/at/nanopenguin/mtcg/db/DbQuery.java
index aa64535..026172b 100644
--- a/src/at/nanopenguin/mtcg/db/DbQuery.java
+++ b/src/at/nanopenguin/mtcg/db/DbQuery.java
@@ -25,7 +25,7 @@ public final class DbQuery {
     private SortedMap<String, Object> conditions;
 
     public static class DbQueryBuilder {
-        public ResultSet executeQuery() throws SQLException {
+        public List<Map<String, Object>> executeQuery() throws SQLException {
             DbQuery dbQuery = this.build();
             if (dbQuery.command != SqlCommand.SELECT) throw new SQLException();
             return dbQuery.read();
@@ -75,7 +75,7 @@ public final class DbQuery {
         }
     }
 
-    private ResultSet read() throws SQLException {
+    private List<Map<String, Object>> read() throws SQLException {
         try (Connection connection = connect()) {
             StringJoiner columnJoiner = new StringJoiner(", ");
             if (this.columns.isEmpty()) {
@@ -92,7 +92,18 @@ public final class DbQuery {
                     preparedStatement.setObject(i++, entry.getValue());
                 }
 
-                return preparedStatement.executeQuery();
+                ResultSet resultSet = preparedStatement.executeQuery();
+
+                List<Map<String, Object>> result = new ArrayList<>();
+                while (resultSet.next()) {
+                    Map<String, Object> row = new HashMap<>();
+                    for (i = 1; i <= resultSet.getMetaData().getColumnCount(); i++) {
+                        row.put(resultSet.getMetaData().getColumnName(i), resultSet.getObject(i));
+                    }
+                    result.add(row);
+                }
+
+                return result;
             }
         }
     }