Login expects the session manager. Here is a snippet of C# code for illustration:
ManagedObjectReference morServiceInstance = new ManagedObjectReference();
morServiceInstance.type = "ConverterServiceInstance";
morServiceInstance.Value = "ServiceInstance";
_converterService = new ConverterService();
_converterService.Url = serverUrl;
_converterService.CookieContainer = new System.Net.CookieContainer();
ServicePointManager.ServerCertificateValidationCallback =
new RemoteCertificateValidationCallback(RemoteCertificateValidation);
_converterServerContent = (ConverterServerContent)_converterService.ConverterRetrieveServiceContent(morServiceInstance);
_userSession = _converterService.ConverterLogin(_converterServerContent.sessionManager, username, password, null);
However this example uses generated stub classes, I don't know how it looks in XML as a SOAP request.