authentication_controller.rb

class Authentication < ActionController::Base
  protect_from_forgery with: :exception

  Form = Struct.new(:username, :password)

  def sign_in_form
    @form = Form.new(nil, nil)
  end
  
  def sign_in
    username = params[:usersname]
    password = params[:password]

    # without salted password
    user = User.find_by(username: username, password: password)
    if user
      set_session(user)
      redirect_to root_path
    else
      flash[:error] = 'Invalid username / password'
      render :sign_in_form, form: Form.new(username, nil)
    end
  end

  def logout
    delete_session
    redirect_to root_path
  end
  
  def set_session(user)
    session[:user_id] = user.id
  end

  def delete_session
    session[:user_id]
  end

  private :set_session, :delete_session
end

authentication_helper.rb

# include it application_controller. you can use current_user then in controllers and views 
module AuthenticationHelper
  def current_user
    User.find_by(id: session[:user_id])
  end
end