How To Make A Login Page In Ruby On Rails

Ruby Programming

Creating a login page is an essential part of any web application that requires user authentication. In this article, I will guide you through the process of making a login page using Ruby on Rails. As a developer who has worked extensively with Ruby on Rails, I can assure you that it is a powerful and effective framework for building web applications.

Setting up the Project

Firstly, we need to make sure that we have Ruby and Rails installed on our system. If you haven’t already, head over to the official Ruby website at and install the latest version of Ruby. Once that is done, open your terminal and install Rails by running the following command:

gem install rails

Once Rails is successfully installed, let’s create a new Rails project. Open your terminal and navigate to the directory where you want to create the project. Run the following command:

rails new login_page

This will create a new Rails project named “login_page”. Navigate into the project directory:

cd login_page

Creating the User Model and Migration

In order to create a login page, we need to have a user model to store user information. Let’s generate a new User model along with a migration file to create the necessary table in the database. Run the following command:

rails generate model User username:string password_digest:string

This will generate a new User model with two attributes: username and password_digest. The password_digest attribute is used to securely store the user’s password using bcrypt encryption.

Next, let’s run the migration to create the users table in the database. Run the following command:

rails db:migrate

Creating the Sessions Controller

Now that we have our User model set up, let’s create a Sessions controller to handle the login functionality. Run the following command to generate the controller:

rails generate controller Sessions new create destroy

This will generate a new Sessions controller with four actions: new, create, destroy, and index. We are mainly interested in the new, create, and destroy actions for our login page.

Implementing the Login Page

In the Sessions controller, open the new action and add the following code:

def new

This action is responsible for rendering the login page. Now, open the new.html.erb file located in the views/sessions directory and add the following code:


<%= form_tag sessions_path do %>

<%= label_tag :username %>
<%= text_field_tag :username %>
<%= label_tag :password %>
<%= password_field_tag :password %>

<%= submit_tag "Login" %>
<% end %>

Here, we have a simple login form with fields for username and password. The form is submitted to the sessions_path, which will map to the create action in the Sessions controller.

In the create action of the Sessions controller, add the following code:

def create
user = User.find_by(username: params[:username])
if user && user.authenticate(params[:password])
session[:user_id] =
redirect_to root_path, notice: "Logged in successfully"
else[:alert] = "Invalid username or password"
render :new

This code checks if the username and password entered by the user match a user record in the database. If the credentials are valid, we store the user’s ID in the session and redirect them to the root page. Otherwise, an error message is displayed and the login page is rendered again.

Adding Logout Functionality

In order to allow users to log out, let’s add a destroy action to the Sessions controller. Add the following code:

def destroy
session[:user_id] = nil
redirect_to root_path, notice: "Logged out successfully"

This action simply clears the user’s ID from the session and redirects them to the root page with a logout notice.

Protecting Pages with Authentication

Now that we have our login and logout functionality in place, you can easily restrict access to certain pages or actions by adding a before_action in your controllers. For example, let’s say you have a PostsController and you want to only allow logged-in users to create a new post. Open the PostsController and add the following code:

before_action :authenticate_user!, only: [:new, :create]

This code adds a before_action that calls a method called “authenticate_user!” before the new and create actions. The authenticate_user! method can be implemented in your ApplicationController to check if the user is logged in. If not, you can redirect them to the login page.


In this article, we have learned how to create a login page using Ruby on Rails. We started by setting up the project and creating the User model and migration. Then, we created a Sessions controller to handle the login functionality. We implemented the login page with a simple form and added the necessary actions to authenticate the user and store their session. We also added logout functionality and learned how to protect certain pages with authentication. By following these steps, you can create a secure login page for your Ruby on Rails application.