sample_rails_tailwind/app/controllers/sessions_controller.rb

class SessionsController < ApplicationController
  include SessionsHelper
  def new
  end

  def create
    user = User.find_by(email: params[:session][:email].downcase)
    # if user && user.authenticate(params[:session][:password])
    if user&.authenticate(params[:session][:password])
      forwarding_url = session[:forwarding_url]
      reset_session
      params[:session][:remember_me] == '1' ? remember(user) : forget(user)
      log_in user
      redirect_to forwarding_url || user
    else
      flash.now[:danger] = 'Invalid email/password combination'
      render 'new'
    end
  end

  def destroy
    log_out if logged_in?
    redirect_to root_url
  end
end
feat(sample): add session and header 2025-01-01 15:44:50 +08:00			`class SessionsController < ApplicationController`
			`include SessionsHelper`
			`def new`
			`end`

			`def create`
			`user = User.find_by(email: params[:session][:email].downcase)`
feat: enhance user session management - Update session creation to use safe navigation operator - Implement log_out method in SessionsHelper - Add session reset and login on user creation - Improve user login tests for better coverage These changes improve the user session management by ensuring that the session is handled more safely and efficiently. The addition of the log_out method centralizes session termination, while the updated tests ensure that both login and logout functionality are thoroughly validated. 2025-01-02 11:59:27 +08:00			`# if user && user.authenticate(params[:session][:password])`
			`if user&.authenticate(params[:session][:password])`
feat: add user authentication and authorization - Implement friendly forwarding for user login - Add correct_user method to ensure users can only edit their own profiles - Update sessions_controller to handle forwarding URL - Enhance user controller tests to verify redirection for unauthorized access These changes improve user experience by allowing users to be redirected back to their intended page after logging in. Additionally, the new correct_user method enhances security by preventing users from editing other users' profiles, ensuring proper authorization checks are in place. 2025-01-03 13:48:59 +08:00			`forwarding_url = session[:forwarding_url]`
feat(sample): add session and header 2025-01-01 15:44:50 +08:00			`reset_session`
feat: add remember me functionality to login - Implement remember me checkbox in login form - Update sessions controller to handle remember me logic - Enhance session management to prevent session hijacking - Add tests for remember me functionality This commit introduces a "Remember me" feature that allows users to stay logged in across sessions. It includes updates to the login form, session handling in the controller, and additional tests to ensure the functionality works as expected. The changes also improve security by validating session tokens to prevent session hijacking. 2025-01-02 17:49:06 +08:00			`params[:session][:remember_me] == '1' ? remember(user) : forget(user)`
feat(sample): add session and header 2025-01-01 15:44:50 +08:00			`log_in user`
feat: add user authentication and authorization - Implement friendly forwarding for user login - Add correct_user method to ensure users can only edit their own profiles - Update sessions_controller to handle forwarding URL - Enhance user controller tests to verify redirection for unauthorized access These changes improve user experience by allowing users to be redirected back to their intended page after logging in. Additionally, the new correct_user method enhances security by preventing users from editing other users' profiles, ensuring proper authorization checks are in place. 2025-01-03 13:48:59 +08:00			`redirect_to forwarding_url \|\| user`
feat(sample): add session and header 2025-01-01 15:44:50 +08:00			`else`
			`flash.now[:danger] = 'Invalid email/password combination'`
			`render 'new'`
			`end`
			`end`

			`def destroy`
fix: ensure user logout only if logged in - Update `destroy` action in `SessionsController` to log out only if the user is currently logged in. - Add a check in the `authenticated?` method of the `User` model to return false if `remember_digest` is nil. - Enhance integration tests to simulate logout in another browser session and verify that the logout link is not present after logging out. These changes improve the robustness of the session management by preventing unnecessary logout attempts and ensuring that authentication checks are more reliable. 2025-01-02 17:17:09 +08:00			`log_out if logged_in?`
feat: enhance user session management - Update session creation to use safe navigation operator - Implement log_out method in SessionsHelper - Add session reset and login on user creation - Improve user login tests for better coverage These changes improve the user session management by ensuring that the session is handled more safely and efficiently. The addition of the log_out method centralizes session termination, while the updated tests ensure that both login and logout functionality are thoroughly validated. 2025-01-02 11:59:27 +08:00			`redirect_to root_url`
feat(sample): add session and header 2025-01-01 15:44:50 +08:00			`end`
			`end`