function create_session($request)
{
    $raw_input = $request->getBody();
    $content_type = explode(';', $request->type)[0];
    switch ($content_type) {
        case 'application/json':
            $input_data = json_decode($raw_input, true);
            break;
        case 'application/x-www-form-urlencoded':
            $input_data = array();
            parse_str($raw_input, $input_data);
            break;
        default:
            Util::output_errors_and_die('', 415);
    }
    if ($input_data === null) {
        Util::output_errors_and_die('', 400);
    }
    set_empty_if_undefined($input_data['username_or_email']);
    set_empty_if_undefined($input_data['password']);
    $msg = new Messages($GLOBALS['locale'], '/signin');
    try {
        $model = new Model();
        $user_data = $model->is_valid_user($input_data['username_or_email'], $input_data['password']);
        if (!$user_data) {
            Util::output_errors_and_die($msg->_('invalid-username-pw'), 403);
        }
        switch ($user_data['status']) {
            case 'pending-activation':
                Util::output_errors_and_die($msg->_('pending-activation'), 403);
                break;
            case 'pending-approval':
                Util::output_errors_and_die($msg->_('pending-approval'), 403);
                break;
            case 'banned':
                Util::output_errors_and_die($msg->_('banned'), 403);
                break;
            case 'active':
                $token = generate_token($user_data);
                $now = new DateTime('now');
                $expires_at = clone $now;
                $expires_at->add(new DateInterval('P7D'));
                $model->insert_auth_token($user_data['user_id'], $token, $now, $expires_at);
                http_response_code(201);
                $output = array('token' => $token, 'expires_at' => $expires_at->format('Y-m-d H:i:s'));
                setcookie('authToken', $token, $expires_at->getTimestamp(), '/', '', $secure = true, $httponly = true);
                header('Content-Type: application/json');
                echo my_json_encode($output);
                die;
                break;
        }
    } catch (DatabaseException $e) {
        Util::output_errors_and_die($e->getMessage(), 503);
    } catch (Exception $e) {
        Util::output_errors_and_die($e->getMessage(), 400);
    }
}