# Login and Begin Session

Session create for a user. Each session create updates a "valid_from" UTC timestamp column in the user model. 

Any subseqeuent session creates for the same user will invalidate any previously issued tokens, effectively preventing account sharing or multiple devices being logged-in with the same account.

Endpoint: POST /sessions

## Query parameters:

  - `multi` (boolean)
    Prevents the update of the valid_from field, allowing multiple sessions with the same account.

## Request fields (application/json):

  - `email` (string, required)

  - `password` (string, required)

  - `first_name` (string)

  - `last_name` (string)

## Response 200 fields (application/json):

  - `refresh_token` (string)

  - `token` (string)

  - `user` (object)

  - `user.id` (integer)

  - `user.username` (string)

  - `user.email` (string)

  - `user.first_name` (string)

  - `user.last_name` (string)

  - `user.created_at` (string)

  - `user.updated_at` (string)

  - `user.confirmed_at` (string,null)

  - `user.sub` (string,null)

  - `user.valid_from` (number)