diff --git a/src/server.js b/src/server.js
index f5afb23..89f4738 100644
--- a/src/server.js
+++ b/src/server.js
@@ -16,20 +16,32 @@ app.use(
 
 // Login route
 app.post("/login", (req, res) => {
-  // Write your code here
-
+  const { username, password } = req.body;
+  if (username == 'admin' && password == 'secret') {
+    req.session.user = { username };
+    return res.status(200).json({ message: "Login successful" });
+  }
+  return res.status(401).json({ message: "Invalid credentials" });
 });
 
 // Profile route (protected)
-app.get("/profile", (req, res) => {
-  // Write your code here
-
+app.get('/profile', (req, res) => {
+  if (req.session.user) {
+    return res.status(200).json({ message: `Welcome, admin` });
+  }
+  return res.status(401).json({ message: 'Unauthorized' });
 });
 
 // Logout route
-app.get("/logout", (req, res) => {
-  // Write your code here
-
+app.post("/logout", (req, res) => {
+  req.session.destroy(err => {
+    if (err) {
+      return res.status(500).json({ message: "Logout failed" });
+    }
+    return res.status(200).json({ message: "Logged out successfully" });
+  }
+
+  )
 });
 
 // Start server only if not in test mode