diff --git a/Gemfile b/Gemfile
index 8733eff..8bcb4ae 100644
--- a/Gemfile
+++ b/Gemfile
@@ -24,7 +24,7 @@ gem 'jbuilder', '~> 2.0'
 gem 'sdoc', '~> 0.4.0', group: :doc
 
 # Use ActiveModel has_secure_password
-# gem 'bcrypt', '~> 3.1.7'
+gem 'bcrypt', '~> 3.1.7'
 
 # Use Unicorn as the app server
 # gem 'unicorn'
@@ -44,4 +44,3 @@ group :development do
   # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
   gem 'spring'
 end
-
diff --git a/Gemfile.lock b/Gemfile.lock
index 3e86bed..da1b023 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -37,6 +37,7 @@ GEM
       thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
     arel (6.0.3)
+    bcrypt (3.1.10)
     binding_of_caller (0.7.2)
       debug_inspector (>= 0.0.1)
     builder (3.2.2)
@@ -139,6 +140,7 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  bcrypt (~> 3.1.7)
   byebug
   coffee-rails (~> 4.1.0)
   jbuilder (~> 2.0)
diff --git a/app/assets/javascripts/session.coffee b/app/assets/javascripts/session.coffee
new file mode 100644
index 0000000..24f83d1
--- /dev/null
+++ b/app/assets/javascripts/session.coffee
@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://coffeescript.org/
diff --git a/app/assets/javascripts/users.coffee b/app/assets/javascripts/users.coffee
new file mode 100644
index 0000000..24f83d1
--- /dev/null
+++ b/app/assets/javascripts/users.coffee
@@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://coffeescript.org/
diff --git a/app/assets/stylesheets/application.css b/app/assets/stylesheets/application.css
index f9cd5b3..125c24e 100644
--- a/app/assets/stylesheets/application.css
+++ b/app/assets/stylesheets/application.css
@@ -13,3 +13,11 @@
  *= require_tree .
  *= require_self
  */
+
+div.alert {
+  background: pink;
+  border: 1px solid black;
+  border-radius: 7px;
+  padding: 1rem;
+  font-size: 1.4rem;
+}
diff --git a/app/assets/stylesheets/session.scss b/app/assets/stylesheets/session.scss
new file mode 100644
index 0000000..6fa5e44
--- /dev/null
+++ b/app/assets/stylesheets/session.scss
@@ -0,0 +1,3 @@
+// Place all the styles related to the session controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/
diff --git a/app/assets/stylesheets/users.scss b/app/assets/stylesheets/users.scss
new file mode 100644
index 0000000..1efc835
--- /dev/null
+++ b/app/assets/stylesheets/users.scss
@@ -0,0 +1,3 @@
+// Place all the styles related to the users controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index d83690e..9617794 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -2,4 +2,26 @@ class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
+
+  helper_method :current_user
+
+  def welcome
+    render '/welcome'
+  end
+
+  def amiloggedin
+    amiloggedin = !!session[:current_user_id]
+
+    render json: current_user
+  end
+
+  private
+
+  def current_user
+    if session[:current_user_id]
+      @current_user ||= User.find(session[:current_user_id])
+    else
+      @current_user = false
+    end
+  end
 end
diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
new file mode 100644
index 0000000..e9743d4
--- /dev/null
+++ b/app/controllers/session_controller.rb
@@ -0,0 +1,27 @@
+class SessionController < ApplicationController
+
+  def create
+    user = User.find_by(email: user_params[:email])
+
+    if user && user.authenticate(user_params[:password])
+      session[:current_user_id] = user.id
+      flash[:message] = "Thanks for logging in, sinner."
+    else
+      flash[:message] = "Email / Password combo does not exist!"
+    end
+
+    redirect_to root_path
+  end
+
+  def destroy
+    session[:current_user_id] = nil
+
+    redirect_to root_path
+  end
+
+  private
+
+  def user_params
+    return params.require(:user).permit(:email, :password)
+  end
+end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
new file mode 100644
index 0000000..b2263af
--- /dev/null
+++ b/app/controllers/users_controller.rb
@@ -0,0 +1,20 @@
+class UsersController < ApplicationController
+
+  def create
+    @user = User.new(user_params)
+
+    if @user.save
+      flash[:message] = "Good job, you're now an active sinner. Log in, to repent!"
+    else
+      flash[:message] = @user.errors.full_messages.to_sentence
+    end
+
+    redirect_to root_path
+  end
+
+  private
+
+  def user_params
+    return params.require(:user).permit(:email, :password)
+  end
+end
diff --git a/app/helpers/session_helper.rb b/app/helpers/session_helper.rb
new file mode 100644
index 0000000..f867f86
--- /dev/null
+++ b/app/helpers/session_helper.rb
@@ -0,0 +1,2 @@
+module SessionHelper
+end
diff --git a/app/helpers/users_helper.rb b/app/helpers/users_helper.rb
new file mode 100644
index 0000000..2310a24
--- /dev/null
+++ b/app/helpers/users_helper.rb
@@ -0,0 +1,2 @@
+module UsersHelper
+end
diff --git a/app/models/user.rb b/app/models/user.rb
new file mode 100644
index 0000000..b6922d9
--- /dev/null
+++ b/app/models/user.rb
@@ -0,0 +1,10 @@
+class User < ActiveRecord::Base
+  has_secure_password
+
+  validates :email, presence: true, uniqueness: true
+  validates :password_digest, presence: true
+
+  validates :password, length: {
+    minimum: 8, allow_nil: true
+  }
+end
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb
index a1d7db5..46ecdfa 100644
--- a/app/views/layouts/application.html.erb
+++ b/app/views/layouts/application.html.erb
@@ -7,8 +7,22 @@
   <%= csrf_meta_tags %>
 </head>
 <body>
+  <% if flash[:message] %>
+    <div class="alert">
+      <%= flash[:message] %>
+    </div>
+  <% end %>
 
-<%= yield %>
+  <%= yield %>
 
+  <% if current_user %>
+  <hr/>
+  <form action="<%= session_path %>" method="POST">
+    <input type="hidden" name="authenticity_token"
+      value="<%= form_authenticity_token %>">
+    <input type="hidden" name="_method" value="DELETE">
+    <input type="submit" value="Log Out!">
+  </form>
+  <% end %>
 </body>
 </html>
diff --git a/app/views/welcome.html.erb b/app/views/welcome.html.erb
new file mode 100644
index 0000000..a012094
--- /dev/null
+++ b/app/views/welcome.html.erb
@@ -0,0 +1,29 @@
+<h1>Welcome, sinner</h1>
+
+<h3>Please sign <em>up</em> to lift your burdens</h3>
+
+<form action="<%= users_path %>" method="POST"
+    autocomplete="false">
+  <input type="hidden" name="authenticity_token"
+    value="<%= form_authenticity_token %>">
+
+  <input type="email" name="user[email]"
+    placeholder="your email address"><br/>
+  <input type="password" name="user[password]"
+    placeholder="desired password"><br/>
+  <input type="submit" value="Sign up">
+</form>
+
+<h3>Please sign <em>in</em> to lift your burdens</h3>
+
+<form action="<%= session_path %>" method="POST"
+    autocomplete="false">
+  <input type="hidden" name="authenticity_token"
+    value="<%= form_authenticity_token %>">
+
+  <input type="email" name="user[email]"
+    placeholder="your email address"><br/>
+  <input type="password" name="user[password]"
+    placeholder="desired password"><br/>
+  <input type="submit" value="Sign in">
+</form>
diff --git a/config/routes.rb b/config/routes.rb
index 3f66539..6e9f819 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1,4 +1,18 @@
 Rails.application.routes.draw do
+  root 'application#welcome'
+
+  get '/amiloggedin' => 'application#amiloggedin'
+
+  # resources :users, only: [:create]
+  post '/users' => 'users#create'
+
+  # sessiony stuff
+  # get '/session' => 'session#current_user'
+  #       angular?
+
+  post '/session' => 'session#create'
+  delete '/session' => 'session#destroy'
+
   # The priority is based upon order of creation: first created -> highest priority.
   # See how all your routes lay out with "rake routes".
 
diff --git a/db/migrate/20151029150245_create_users.rb b/db/migrate/20151029150245_create_users.rb
new file mode 100644
index 0000000..207c3d2
--- /dev/null
+++ b/db/migrate/20151029150245_create_users.rb
@@ -0,0 +1,12 @@
+class CreateUsers < ActiveRecord::Migration
+  def change
+    create_table :users do |t|
+      t.string :email, null: false
+      t.string :password_digest, null: false
+
+      t.timestamps null: false
+    end
+
+    add_index :users, :email
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
new file mode 100644
index 0000000..af18b97
--- /dev/null
+++ b/db/schema.rb
@@ -0,0 +1,28 @@
+# encoding: UTF-8
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema.define(version: 20151029150245) do
+
+  # These are extensions that must be enabled in order to support this database
+  enable_extension "plpgsql"
+
+  create_table "users", force: :cascade do |t|
+    t.string   "email",           null: false
+    t.string   "password_digest", null: false
+    t.datetime "created_at",      null: false
+    t.datetime "updated_at",      null: false
+  end
+
+  add_index "users", ["email"], name: "index_users_on_email", using: :btree
+
+end
diff --git a/test/controllers/session_controller_test.rb b/test/controllers/session_controller_test.rb
new file mode 100644
index 0000000..da49ba4
--- /dev/null
+++ b/test/controllers/session_controller_test.rb
@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class SessionControllerTest < ActionController::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end
diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb
new file mode 100644
index 0000000..d23f182
--- /dev/null
+++ b/test/controllers/users_controller_test.rb
@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class UsersControllerTest < ActionController::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end
diff --git a/test/fixtures/users.yml b/test/fixtures/users.yml
new file mode 100644
index 0000000..0821459
--- /dev/null
+++ b/test/fixtures/users.yml
@@ -0,0 +1,9 @@
+# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
+
+one:
+  email: MyString
+  password_digest: MyString
+
+two:
+  email: MyString
+  password_digest: MyString
diff --git a/test/models/user_test.rb b/test/models/user_test.rb
new file mode 100644
index 0000000..82f61e0
--- /dev/null
+++ b/test/models/user_test.rb
@@ -0,0 +1,7 @@
+require 'test_helper'
+
+class UserTest < ActiveSupport::TestCase
+  # test "the truth" do
+  #   assert true
+  # end
+end