diff --git a/src/server.js b/src/server.js
index f2dc4e6..1c602cc 100644
--- a/src/server.js
+++ b/src/server.js
@@ -16,20 +16,39 @@ app.use(
 // Login route
 app.post("/login", (req, res) => {
- // Write your code here
-
+ const { username, password } = req.body;
+ if (username === "admin" && password === "secret") {
+ req.session.username = username;
+ return res.status(200).json({ message: "Login successful" });
+ }
+ return res.status(401).json({ message: "Invalid credentials" });
 });
 // Profile route (protected)
 app.get("/profile", (req, res) => {
- // Write your code here
+ const { username } = req.session;
+
+ if (!username) {
+ return res.status(401).json({ message: "Unauthorized" });
+ }
+ return res.status(200).json({ message: "Welcome, admin", user: { username } });
 });
 // Logout route
 app.post("/logout", (req, res) => {
- // Write your code here
-
+ const { username } = req.session;
+
+ if (!username) {
+ return res.status(401).json({ message: "Unauthorized" });
+ }
+
+ req.session.destroy((err) => {
+ if (err) {
+ return res.status(500).json({ message: "Logout failed" });
+ }
+ return res.status(200).json({ message: "Logout successful" });
+ });
 });
 // Start server only if not in test mode
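Review bot: The `/login` handler writes `req.session.username` into whatever session the request already carried, so a session id issued before authentication stays valid afterwards (session fixation); the success branch should call `req.session.regenerate()` and set the username inside its callback, as in the fence below. This assumes the middleware is express-session, which the `destroy(callback)` call in `/logout` suggests but the hunk does not show. The same handler compares against the literals `"admin"` and `"secret"` in source; outside an exercise these belong in configuration, with the password stored as a hash and checked in constant time. `/profile` also answers `"Welcome, admin"` whatever the session's username is, and `req.body` is destructured without a guard, which throws if no body parser is registered above the hunk.

```javascript
app.post("/login", (req, res) => {
  const { username, password } = req.body;
  if (username !== "admin" || password !== "secret") {
    return res.status(401).json({ message: "Invalid credentials" });
  }
  // Issue a fresh session id at the privilege change so a pre-login id is not carried over.
  req.session.regenerate((err) => {
    if (err) {
      return res.status(500).json({ message: "Login failed" });
    }
    req.session.username = username;
    return res.status(200).json({ message: "Login successful" });
  });
});
// … unchanged: /profile and /logout handlers …
```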