How to Create a Simple Login System in Ruby on Rails



In this article, you will learn how to create a simple login system in Ruby on Rails.

Creating a simple login system

Creating a simple login system in Ruby on Rails involves the following steps:

Generate a new Rails application

To create a new Rails application, open a terminal window and type the following command:

rails new myapp

This will create a new Rails application in a directory named myapp.

Create a User model

To create a User model, open a terminal window and type the following command:

rails generate model User email:string password_digest:string

This will create a User model with two attributes: email and password_digest. The password_digest attribute is used to store an encrypted version of the user’s password.

Migrate the database

To create the Users table in the database, run the following command:

rails db:migrate

Add the bcrypt gem

To use password encryption, add the bcrypt gem to your Gemfile:

gem 'bcrypt', '~> 3.1.7'

Then run bundle install to install the gem.

Add authentication to the User model

Add the following line to the User model (app/models/user.rb) to enable authentication using bcrypt:

class User < ApplicationRecord

This will add two new methods to the User model: password and password_confirmation. When a user signs up or updates their password, these methods are used to generate and confirm the password.

Add a login form

Create a new view file for the login form (app/views/sessions/new.html.erb) with the following code:

<%= form_with url: login_path, local: true do |form| %>
  <%= form.label :email %>
  <%= form.email_field :email %>

  <%= form.label :password %>
  <%= form.password_field :password %>

  <%= form.submit "Log in" %>
<% end %>

Add a login route

Add the following route to your config/routes.rb file to create a route for the login form:

get '/login', to: 'sessions#new'
post '/login', to: 'sessions#create'

Create a Sessions controller

Create a new Sessions controller (app/controllers/sessions_controller.rb) with the following code:

class SessionsController < ApplicationController
  def new

  def create
    user = User.find_by(email: params[:session][:email].downcase)
    if user && user.authenticate(params[:session][:password])
      log_in user
      redirect_to user
    else[:danger] = 'Invalid email/password combination'
      render 'new'

  def destroy
    redirect_to root_url

This code defines two actions: new (which displays the login form) and create (which logs the user in). The log_in and log_out methods are defined in a separate module (app/helpers/sessions_helper.rb) as follows:

module SessionsHelper
  def log_in(user)
    session[:user_id] =

  def current_user
    @current_user ||= User.find_by(id: session[:user_id])

  def logged_in?

  def log_out
    @current_user = nil

These methods are used to set and clear the user_id session variable, which is used to keep track of the logged-in user.

Add a link to the login form

A link to the login form can be added to any view by using the link_to method with the appropriate URL. For example, <%= link_to 'Log in', login_path %> will create a link to the login form.