class SessionsController < ApplicationController require_unregistered_user only: %i[new create] # GET /sessions/new def new @session = Session.new end # POST /sessions or /sessions.json def create @session = Session.new(session_params) respond_to do |format| if @session.save session[:current_user_id] = @session.user_id format.html { redirect_to redirect_url, notice: "Session was successfully created." } format.json { render :show, status: :created, location: @session } else format.html { render :new, status: :unprocessable_entity, alert: @session.errors } format.json { render json: @session.errors, status: :unprocessable_entity } end end end # DELETE /sessions/1 or /sessions/1.json def destroy session[:current_user_id] = nil respond_to do |format| format.html { redirect_to new_session_url, notice: "Session was successfully destroyed." } format.json { head :no_content } end end private def redirect_url session.delete(:return_url) || root_url end # Only allow a list of trusted parameters through. def session_params params.require(:session).permit(:email, :password) end end