public string Login([FromBody] Credentials login)// string username, string password) { // return status or session id var player = auth.Authenticate(login.username, login.password); if (player != null) { HttpContext.Session.SetInt32("active", 1); HttpContext.Session.CommitAsync(); // check if a session exists with the username // if so, terminate it. cannot be logged in on multiple devices. if (sessionManager.TryGetByUsername(login.username, out var existingSession)) { sessionManager.EndSession(existingSession); } return(sessionManager.BeginSession(HttpContext.Session.Id, player)); } return(null); }