diff --git a/config/routes/rider_api.yaml b/config/routes/rider_api.yaml
index 95d5563c..3ffb4072 100644
--- a/config/routes/rider_api.yaml
+++ b/config/routes/rider_api.yaml
@@ -10,6 +10,11 @@ rapi_login:
 controller: App\Controller\RAPIController::login
 methods: [POST]
+rapi_logout:
+ path: /rapi/logout
+ controller: App\Controller\RAPIController::logout
+ methods: [POST]
+
 rapi_get_status:
 path: /rapi/status
 controller: App\Controller\RAPIController::getStatus
diff --git a/src/Controller/RAPIController.php b/src/Controller/RAPIController.php
index 1f69a286..961f6053 100644
--- a/src/Controller/RAPIController.php
+++ b/src/Controller/RAPIController.php
@@ -9,6 +9,7 @@ use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Bundle\FrameworkBundle\Controller\Controller;
 use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
 use CrEOF\Spatial\PHP\Types\Geometry\Point;
@@ -32,6 +33,8 @@ use App\Entity\JobOrder;
 use App\Entity\Promo;
 use App\Entity\Battery;
 use App\Entity\RiderRating;
+use App\Entity\Rider;
+use App\Entity\User;
 use DateTime;
@@ -191,7 +194,7 @@ class RAPIController extends Controller
 return $res->getReturnResponse();
 }
- public function login(Request $req)
+ public function login(Request $req, EncoderFactoryInterface $ef)
 {
 $required_params = [
 'user',
@@ -202,6 +205,57 @@ class RAPIController extends Controller
 if ($res->isError())
 return $res->getReturnResponse();
+ // check if session has a rider already
+ if ($this->session->hasRider())
+ {
+ $res->setError(true)
+ ->setErrorMessage('Another rider is already logged in. Please logout first.');
+ return $res->getReturnResponse();
+ }
+
+ // look for rider with username
+ $rider = $em->getRepository(Rider::class)->findOneBy(['username' => $req->request->get('user')]);
+ if ($rider == null)
+ {
+ $res->setError(true)
+ ->setErrorMessage('Invalid username or password.');
+ return $res->getReturnResponse();
+ }
+
+ // check if rider password is correct
+ $encoder = $ef->getEncoder(new User());
+ if (!$encoder->isPasswordValid($rider->getPassword(), $req->request->get('pass'), ''))
+ {
+ $res->setError(true)
+ ->setErrorMessage('Invalid username or password.');
+ return $res->getReturnResponse();
+ }
+
+ // assign rider to session
+ $this->session->setRider($rider);
+
+ // TODO: log rider logging in
+
+ $em->flush();
+
+ return $res->getReturnResponse();
+ }
+
+ public function logout(Request $req)
+ {
+ $required_params = [];
+ $em = $this->getDoctrine()->getManager();
+ $res = $this->checkParamsAndKey($req, $em, $required_params);
+ if ($res->isError())
+ return $res->getReturnResponse();
+
+ // remove rider from session
+ $this->session->setRider(null);
+
+ // TODO: log rider logging out
+
+ $em->flush();
+
 return $res->getReturnResponse();
 }
diff --git a/src/Entity/RiderSession.php b/src/Entity/RiderSession.php
index 6d9fbf91..4c879cd7 100644
--- a/src/Entity/RiderSession.php
+++ b/src/Entity/RiderSession.php
@@ -106,4 +106,12 @@ class RiderSession
 {
 return $this->is_active;
 }
+
+ public function hasRider()
+ {
+ if ($this->rider == null)
+ return false;
+
+ return true;
+ }
 }
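Review bot: In `RAPIController::login`, the unknown-username branch returns before any password hashing runs, so the two failure paths share a message but not a response time, which lets a caller tell existing rider names from missing ones. Running `isPasswordValid` against a fixed dummy hash when `$rider` is null would even that out. Neither failure branch records the attempt and the only TODO covers the successful path, so I would add `// TODO: log failed attempts and throttle repeated failures per username and session` beside both early returns. The encoder is resolved with `new User()` while the hash comes from a `Rider`; this presumably relies on both entities sharing encoder settings and deserves a one-line comment saying so. `login` begins in the previous hunk and `$em` is assigned in lines not shown here.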
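Review bot: `RiderSession::hasRider()` tests the association with the loose `== null` and then branches to return a boolean; a single strict expression says the same thing more directly, `return $this->rider !== null;`. A short docblock stating that it reports whether a rider is currently bound to this session would help readers of the login check that depends on it. The class body starts outside this hunk.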