kissingcomputer/app/controllers/sessions_controller.rb

class SessionsController < ApplicationController

  allow_unauthenticated_access only: %i[new create]
  rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_path, alert: "Try again later." }


  def new
  end


  def create
    
    user = User.find_by(email_address: params[:email_address])

    if user&.authenticate(params[:password]) 
      session[:user_id] = user.id
      start_new_session_for(user)
      redirect_to root_path, notice: "Signed in!"
    else
      flash[:alert] = "Invalid email or password"
      render :new, status: :unprocessable_entity
    end
  end


  def destroy
    session.delete(:user_id)  
    reset_session              
    redirect_to root_path, notice: "Signed out!"
  end
end
first 2026-01-10 16:17:07 +00:00			`class SessionsController < ApplicationController`

			`allow_unauthenticated_access only: %i[new create]`
			`rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_path, alert: "Try again later." }`


			`def new`
			`end`


			`def create`

			`user = User.find_by(email_address: params[:email_address])`

			`if user&.authenticate(params[:password])`
			`session[:user_id] = user.id`
			`start_new_session_for(user)`
			`redirect_to root_path, notice: "Signed in!"`
			`else`
			`flash[:alert] = "Invalid email or password"`
			`render :new, status: :unprocessable_entity`
			`end`
			`end`


			`def destroy`
			`session.delete(:user_id)`
			`reset_session`
			`redirect_to root_path, notice: "Signed out!"`
			`end`
			`end`