rails/gist:267595

## gistfile1.rb
class SessionsController < ApplicationController
  skip_before_filter :authorize, :only => [ :new, :create ]

  def new
  end

  def create
    if user = User.authenticate(params[:name], params[:password])
      session[:user_id] = user.id
      redirect_to admin_products_url
    else
      redirect_to new_session_url, :alert => "Invalid user/password combination"
    end
  end

  def destroy
    session[:user_id] = nil
    redirect_to new_session_url, :notice => "Logged out"
  end
end

# resource :session
	class SessionsController < ApplicationController
	skip_before_filter :authorize, :only => [ :new, :create ]

	def new
	end

	def create
	if user = User.authenticate(params[:name], params[:password])
	session[:user_id] = user.id
	redirect_to admin_products_url
	else
	redirect_to new_session_url, :alert => "Invalid user/password combination"
	end
	end

	def destroy
	session[:user_id] = nil
	redirect_to new_session_url, :notice => "Logged out"
	end
	end

	# resource :session