app/controllers/sessions_controller.rb
class SessionsController < ApplicationController
def new
redirect_to admin_root_path if current_user
end
def create
user = User.find_by_name(params[:name])
if user && user.authenticate(params[:password])
session[:user_id] = user.id
redirect_to admin_root_path, notice: "Logged in!"
else
flash.now.alert = "Invalid email or password"
render "new"
end
end
def destroy
session[:user_id] = nil
redirect_to root_url, notice: "Logged out!"
end
end