Using the request/response cycle as a guide, here’s how authentication fits in:

Turn one:

  1. When a user visits the signup page, the browser makes an HTTP GET request for the URL /signup.
  2. The Rails router maps the URL /signup to the Users controller’s new action. The new action handles the request and passes it on to the view.
  3. The view displays the signup form.

Turn two:

  1. When the user fills in and submits the form, the browser sends the data via an HTTP POST request to the app.
  2. The router maps the request to the Users controller’s create action.
  3. The create action saves the data to the database and redirects to the albums page. The action also creates a new session.

What is a session? A session is a connection between the user’s computer and the server running the Rails app. A session starts when a user logs in, and ends when the user logs out.



Looking at the request/response cycle, we need five parts to add signup machinery to the app: a model, a controller, routes, views, and logic for sessions. Let’s start here by creating a model.

Generate a model named User.


In app/models/user.rb, add a method named has_secure_password.

    class User < ActiveRecord::Base
      has_secure_password
    end

In the Gemfile on line 30, uncomment the bcrypt gem.


Install the gems.
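
In Rails, has_secure_password stores a bcrypt hash of the password in a password_digest attribute and adds an authenticate method. The plain-Ruby sketch below is an added example, not code from this lesson or from Rails: DemoUser and its digest format are hypothetical, and PBKDF2 from Ruby's standard library stands in for bcrypt so it runs without gems.

```ruby
require "openssl"
require "securerandom"

# Simplified model of what has_secure_password adds; not Rails' code.
# Assumption: PBKDF2 (stdlib) stands in for bcrypt so no gems are needed.
class DemoUser
  ITERATIONS = 100_000 # constructed work factor for this demo
  attr_reader :email, :password_digest

  def initialize(email:, password:)
    @email = email
    self.password = password
  end

  # Like the password= writer: keep only a salted, slow hash, never plaintext.
  def password=(plaintext)
    raise ArgumentError, "password can't be blank" if plaintext.to_s.empty?
    salt = SecureRandom.hex(16)
    @password_digest = [ITERATIONS, salt, derive(plaintext, salt, ITERATIONS)].join("$")
  end

  # Like authenticate: return the user on a match, false otherwise.
  def authenticate(candidate)
    iterations, salt, expected = password_digest.split("$")
    actual = derive(candidate.to_s, salt, iterations.to_i)
    constant_time_equal?(actual, expected) ? self : false
  end

  private

  def derive(plaintext, salt, iterations)
    digest = OpenSSL::Digest.new("SHA256")
    OpenSSL::PKCS5.pbkdf2_hmac(plaintext, salt, iterations, 32, digest).unpack1("H*")
  end

  # Compare every byte so timing does not reveal where the first mismatch is.
  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Constructed sample data.
user = DemoUser.new(email: "ada@example.com", password: "correct horse battery")
puts user.password_digest
puts user.authenticate("wrong guess").inspect
puts user.authenticate("correct horse battery").equal?(user)
```

Because each digest carries its own random salt, two users with the same password get different stored values, and a leaked database does not expose the passwords directly.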
