diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0d95db2..6c9b518 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,4 +1,14 @@
 class ApplicationController < ActionController::Base
   # Only allow modern browsers supporting webp images, web push, badges, import maps, CSS nesting, and CSS :has.
   allow_browser versions: :modern
+
+  def logged_in?
+    if session[:user_id] then true else false end
+  end
+
+  def current_user
+    if logged_in?
+      session[:user_id]
+    end
+  end
 end
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
new file mode 100644
index 0000000..c21b297
--- /dev/null
+++ b/app/controllers/sessions_controller.rb
@@ -0,0 +1,21 @@
+class SessionsController < ApplicationController
+  def new
+  end
+
+  def create
+    user = User.find_by(email: params[:email])
+
+    if user && user.authenticate(params[:password])
+      session[:user_id] = user.id
+      redirect_to root_path, notice: "Logged in!"
+    else
+      flash.now[:alert] = "Invalid email or password"
+      render :new, status: :unprocessable_entity
+    end
+  end
+
+  def destroy
+    session[:user_id] = nil
+    redirect_to root_path
+  end
+end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
new file mode 100644
index 0000000..4f43771
--- /dev/null
+++ b/app/controllers/users_controller.rb
@@ -0,0 +1,16 @@
+class UsersController < ApplicationController
+  def new
+  end
+
+  def create
+  end
+
+  def edit
+  end
+
+  def update
+  end
+
+  def destroy
+  end
+end
diff --git a/app/models/user.rb b/app/models/user.rb
new file mode 100644
index 0000000..d67da20
--- /dev/null
+++ b/app/models/user.rb
@@ -0,0 +1,3 @@
+class User < ApplicationRecord
+  has_secure_password
+end
diff --git a/app/views/sessions/destroy.html.erb b/app/views/sessions/destroy.html.erb
new file mode 100644
index 0000000..d75237d
--- /dev/null
+++ b/app/views/sessions/destroy.html.erb
@@ -0,0 +1,2 @@
+<h1>Sessions#destroy</h1>
+<p>Find me in app/views/sessions/destroy.html.erb</p>
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
new file mode 100644
index 0000000..b39a3bc
--- /dev/null
+++ b/app/views/sessions/new.html.erb
@@ -0,0 +1,2 @@
+<h1>Sessions#new</h1>
+<p>Find me in app/views/sessions/new.html.erb</p>
diff --git a/app/views/users/edit.html.erb b/app/views/users/edit.html.erb
new file mode 100644
index 0000000..48ea02e
--- /dev/null
+++ b/app/views/users/edit.html.erb
@@ -0,0 +1,2 @@
+<h1>Users#create</h1>
+<p>Find me in app/views/users/create.html.erb</p>
diff --git a/app/views/users/new.html.erb b/app/views/users/new.html.erb
new file mode 100644
index 0000000..c21a1ad
--- /dev/null
+++ b/app/views/users/new.html.erb
@@ -0,0 +1,2 @@
+<h1>Users#new</h1>
+<p>Find me in app/views/users/new.html.erb</p>
diff --git a/config/routes.rb b/config/routes.rb
index 558a2cf..0dccbbf 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,12 +1,12 @@
 Rails.application.routes.draw do
+  resources :users, only: [ :new, :create, :edit, :update, :destroy ]
+
+  resource :sessions, only: [ :new, :create, :destroy ]
+
   namespace :test do
-    resources :images
-    get "images/index"
-    get "images/new"
-    get "images/create"
-    get "images/show"
+    resources :images, only: [ :index, :create ]
   end
-  resources :notes
+
   # Define your application routes per the DSL in https://guides.rubyonrails.org/routing.html
 
   # Reveal health status on /up that returns 200 if the app boots with no exceptions, otherwise 500.
@@ -18,5 +18,5 @@ Rails.application.routes.draw do
   # get "service-worker" => "rails/pwa#service_worker", as: :pwa_service_worker
 
   # Defines the root path route ("/")
-  # root "posts#index"
+  root "images#index"
 end
diff --git a/db/migrate/20250508115812_create_users.rb b/db/migrate/20250508115812_create_users.rb
new file mode 100644
index 0000000..1d931f3
--- /dev/null
+++ b/db/migrate/20250508115812_create_users.rb
@@ -0,0 +1,12 @@
+class CreateUsers < ActiveRecord::Migration[8.0]
+  def change
+    create_table :users do |t|
+      t.string :name
+      t.string :status
+      t.string :email
+      t.string :password_digest
+
+      t.timestamps
+    end
+  end
+end
diff --git a/db/migrate/20250508131043_drop_notes_table.rb b/db/migrate/20250508131043_drop_notes_table.rb
new file mode 100644
index 0000000..6bb7112
--- /dev/null
+++ b/db/migrate/20250508131043_drop_notes_table.rb
@@ -0,0 +1,5 @@
+class DropNotesTable < ActiveRecord::Migration[8.0]
+  def change
+    drop_table :notes
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index ed9b460..e9f3ea9 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[8.0].define(version: 2025_05_07_082751) do
+ActiveRecord::Schema[8.0].define(version: 2025_05_08_131043) do
   create_table "active_storage_attachments", force: :cascade do |t|
     t.string "name", null: false
     t.string "record_type", null: false
@@ -45,9 +45,11 @@ ActiveRecord::Schema[8.0].define(version: 2025_05_07_082751) do
     t.datetime "updated_at", null: false
   end
 
-  create_table "notes", force: :cascade do |t|
-    t.string "title"
-    t.text "body"
+  create_table "users", force: :cascade do |t|
+    t.string "name"
+    t.string "status"
+    t.string "email"
+    t.string "password_digest"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
   end