app/controllers/sessions_controller.rb

@@ -0,0 +1,40 @@
+class SessionsController < ApplicationController
+  # GET /sessions/new
+  def new
+    @session = Session.new
+  end
+
+  # POST /sessions or /sessions.json
+  def create
+    @session = Session.new(session_params)
+
+    respond_to do |format|
+      if @session.save
+        session[:current_user_id] = @session.user_id
+        Rails.logger.info("ID: #{@session.user_id}")
+
+        format.html { redirect_to root_url, notice: "Session was successfully created." }
+        format.json { render :show, status: :created, location: @session }
+      else
+        format.html { render :new, status: :unprocessable_entity, alert: @session.errors }
+        format.json { render json: @session.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  # DELETE /sessions/1 or /sessions/1.json
+  def destroy
+    session[:current_user_id] = nil
+
+    respond_to do |format|
+      format.html { redirect_to root_url, notice: "Session was successfully destroyed." }
+      format.json { head :no_content }
+    end
+  end
+
+  private
+    # Only allow a list of trusted parameters through.
+    def session_params
+      params.require(:session).permit(:email, :password)
+    end
+end

app/helpers/sessions_helper.rb

@@ -0,0 +1,2 @@
+module SessionsHelper
+end

app/views/sessions/_form.html.erb

@@ -0,0 +1,27 @@
+<%= form_with(model: session, class: "contents") do |form| %>
+  <% if session.errors.any? %>
+    <div id="error_explanation" class="bg-red-50 text-red-500 px-3 py-2 font-medium rounded-lg mt-3">
+      <h2><%= pluralize(session.errors.count, "error") %> prohibited this session from being saved:</h2>
+
+      <ul>
+        <% session.errors.each do |error| %>
+          <li><%= error.full_message %></li>
+        <% end %>
+      </ul>
+    </div>
+  <% end %>
+
+  <div class="my-5">
+    <%= form.label :email %>
+    <%= form.text_field :email, class: "block shadow rounded-md border border-gray-400 outline-none px-3 py-2 mt-2 w-full" %>
+  </div>
+
+  <div class="my-5">
+    <%= form.label :password %>
+    <%= form.password_field :password, class: "block shadow rounded-md border border-gray-400 outline-none px-3 py-2 mt-2 w-full" %>
+  </div>
+
+  <div class="inline">
+    <%= form.submit class: "rounded-lg py-3 px-5 bg-blue-600 text-white inline-block font-medium cursor-pointer" %>
+  </div>
+<% end %>

app/views/sessions/_session.html.erb

@@ -0,0 +1,2 @@
+<div id="<%= dom_id session %>">
+</div>

app/views/sessions/_session.json.jbuilder

@@ -0,0 +1,2 @@
+json.extract! session, :id, :created_at, :updated_at
+json.url session_url(session, format: :json)

app/views/sessions/new.html.erb

@@ -0,0 +1,7 @@
+<div class="mx-auto md:w-2/3 w-full">
+  <h1 class="font-bold text-4xl">New session</h1>
+
+  <%= render "form", session: @session %>
+
+  <%= link_to "Back to sessions", sessions_path, class: "ml-2 rounded-lg py-3 px-5 bg-gray-100 inline-block font-medium" %>
+</div>

config/routes.rb

@@ -1,5 +1,6 @@
 Rails.application.routes.draw do
-  resources :sessions, only: %i[new create destroy]
+  resources :sessions, only: %i[new create]
+  resource :session, only: :destroy
   resources :users
   resources :credit_card_bills
   resource :dashboard, only: :show

test/controllers/sessions_controller_test.rb

@@ -0,0 +1,27 @@
+require "test_helper"
+
+class SessionsControllerTest < ActionDispatch::IntegrationTest
+  test "should get new" do
+    get new_session_url
+    assert_response :success
+  end
+
+  test "should create session" do
+    user = users(:one)
+    params = {
+      session: {
+        email: user.email,
+        password: "secret"
+      }
+    }
+    post sessions_url, params: params
+
+    assert_redirected_to root_url
+  end
+
+  test "should destroy session" do
+    delete session_url(@session)
+
+    assert_redirected_to root_url
+  end
+end

test/system/sessions_test.rb

@@ -0,0 +1,25 @@
+require "application_system_test_case"
+
+class SessionsTest < ApplicationSystemTestCase
+  setup do
+    @user = users(:one)
+  end
+
+  test "should create session" do
+    visit new_session_url
+
+    fill_in "Email", with: @user.email
+    fill_in "Password", with: "secret"
+
+    click_on "Create Session"
+
+    assert_text "Session was successfully created"
+  end
+
+  test "should destroy Session" do
+    visit root_url
+    click_on "Log out", match: :first
+
+    assert_text "Session was successfully destroyed"
+  end
+end