I have a session variable named session[:computerid], and at login it's set to "comp--001". At sign-out I am deleting it from the session as follows:
session.delete(:computerid)
But even after doing that, if I debug session[:computerid] it still shows the value "comp--001".
My session_store.rb file has the following code:
Rails.application.config.session_store :cookie_store, key: '_sample_app_session', :domain=>:all
Could you suggest a solution to this?
Could you try setting it to nil? Like:
session[:computerid] = nil
This is the most common pattern in Rails.
Hope it helps!
Good luck!
Working through authentication in RailsCasts, there was one where I didn't understand something completely fundamental and important (it's pro, sorry - you need to be subscribed to access it).
He creates a user model with an email and encrypted password (has_secure_password).
Then he makes a new controller called Sessions, and declares it as a resource in the config. i.e.
resources :sessions
Then, inside the sessions controller, he defines the create method like this:
user = find user and authenticate
if user
session[:user_id] = user.id
else ...
But sessions as a model doesn't exist. For instance, if I open up my console and write
sessions[:user_id] = "hello"
it throws. Does anyone have an explanation or a link to this very basic concept that I'm missing?
Thanks!
Edit: Thanks Sanfor. Typo fixed, also for markup plus most importantly an answer!
I suppose you have copied session as sessions in your question, is that correct? The screencast is a revised one, so you'd need to be subscribed, which I'm not nowadays, so I can't confirm it beyond what the comments say.
Now to the actual answer: session is Rails' internal reference to the actual session at hand, as described here, and for that reason you won't see a model created for it.
Simplistic explanation:
session is just a hash and stored as a cookie. (Unless you specifically instructed Rails to store it in the database). Models are typically ActiveRecord based and have some behavior.
You can add to it simply by:
session[:some_thing] = "Info for session"
session[:store_this_too] = "Some other info to track for this session"
The session hash is created by the controller-related class/modules and rails console doesn't load them. Therefore, it is not available in the console.
Here's a pretty old Railscasts which explains a bit more. And this which takes the model-based approach. Bear in mind they are from the old days.
In Ruby on Rails, suppose I have session[:my_var] = 'my_val'.
My question is: do we need to set session[:my_var] = nil before the user signs out, or will it automatically release the memory it holds?
Ruby on Rails doesn't know what you want to keep or not when a user signs-out.
Say for example you have a session[:language] that is useful for every user, even anonymous ones. You wouldn't want to erase it to display the default language after the user has gone through the trouble of selecting one in particular.
So, delete the session objects you need to, like session[:user]=nil and keep the rest. If you have a lot of them to delete, make yourself a logout helper.
If you know you can swipe the whole session, use the reset_session like @adcosta said.
If you want to clean your app session use reset_session.
If you only want to clean a var, do session[:my_var] = nil.
See Sessions in rails
If you have set up your authentication code properly, that should handle the release from memory. Here is how I did it in one of my apps:
    # sessions_controller
    def destroy
      reset_session
      redirect_to login_path, notice: 'Logged out'
    end
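The two sign-out options from the answers above, side by side, as an added example that is not code from any of the posts. `FakeSession`, `AUTH_KEYS`, `KEEP_KEYS` and the sample values are constructed for illustration; `reset!` stands in for Rails' `reset_session`, and the session id is modelled as a random value that a reset replaces.

```ruby
require "securerandom"

# Constructed stand-in for the controller's session (not Rails code): a Hash
# with an id that reset! replaces, modelling what reset_session does.
class FakeSession < Hash
  attr_reader :id

  def initialize
    super()
    reset!
  end

  def reset!
    clear
    @id = SecureRandom.hex(16)
  end
end

# Hypothetical key lists for this example.
AUTH_KEYS = %i[user_id username computerid].freeze
KEEP_KEYS = %i[language].freeze

# Option 1: drop only the authentication keys. Everything else, including
# the session id, is left as it was.
def logout_selective(session)
  AUTH_KEYS.each { |key| session.delete(key) }
  session
end

# Option 2: wipe the whole session and get a fresh id, then copy back the
# preferences that should survive sign-out.
def logout_reset(session)
  kept = KEEP_KEYS.map { |key| [key, session[key]] }.to_h.compact
  session.reset!
  kept.each { |key, value| session[key] = value }
  session
end

# Constructed sample: a signed-in user who has picked a language.
def demo_session
  s = FakeSession.new
  s[:user_id] = 42
  s[:computerid] = "comp--001"
  s[:language] = "fr"
  s
end
```

Option 2 is the one that also retires the old session id, so an id captured before sign-out no longer names the session.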
Using active_record_store to store information relating to my users' sessions, and having a great time with how easy it is, but also finding that it is so easy that I am not taking the time to understand it.
I recently found that when users sign out of my site, nothing in the Sessions table is deleted, and so I have very quickly amassed a rather large Sessions table.
What I'd like to do is: Delete the record in the Sessions table when the user signs out AND delete the cookie on the user's computer. What do I have to add to my signout routine to accomplish this?
As of now, all that I'm doing is wiping the user id from the session data, which is clearly not sufficient. I thought I could just delete the record from Sessions by calling the destroy() method on the ActiveRecord object, but, I don't have the session ID. (Maybe I just don't know how to get it?)
I'm new to Rails, but I suggest you try this:
rake db:sessions:clear
Only because this is the top answer on google when searching for "rails active_record_store clear table", here is the answer on how to clear the sessions-table: https://stackoverflow.com/a/10088725/1474934
session[:user_id] = nil
session[:username]= nil
flash[:notice]= "You have been Logged out"
redirect_to(:action => "login")
I want to learn how to create my own authentication system; please provide some guidance if I am doing this wrong.
I will create a Module in my /lib folder /lib/auth.rb
I will require this module in my ApplicationController.
When a user enters their email + password, I will call a method that will do a lookup in the users table for a user with the same email, and I will then compare the passwords. (I'll add encryption with salt later.)
If the user entered the correct credentials, I will create a row in the Sessions table, and then write the session GUID to a cookie.
Now whenever I need to check if the user is logged in, or I need the user object, I will check if the cookie exists, if it does, I will lookup the session table for a row with the same guid, if it exists, I will return the session row and then load the User object.
I realize there are many suggestions one can give, but in a nutshell does this sound like a workable solution?
Now to make this usable, I will have to make some helper methods in my ApplicationController right?
How will I access the current_user from within my views?
P.S. I know of other authentication systems, I just want to learn how to create my own.
The basic logic you're following is correct. Of course you can always expand on this with features that you need. For instance, you'll need helper methods for things like "logged_in?" and "current_user". Also, you might want to add session expiry, or session retention as a "remember me" feature.
Go for it, you won't learn authentication systems better than by building your own and then figuring out what's wrong with it.
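A sketch of the server-side session flow discussed in the two questions above (a Sessions row created at sign-in, looked up by the cookie value on each request, deleted at sign-out) with the session expiry mentioned in this answer. It is an added example, not code from any post: `SessionTable`, its method names and the 30-minute `TTL` are hypothetical, and an in-memory Hash stands in for the database table.

```ruby
require "securerandom"
require "digest/sha2"

# Constructed in-memory stand-in for the Sessions table. Rows are keyed by
# the SHA-256 of the cookie token, so a copy of the table does not contain
# usable cookie values.
class SessionTable
  TTL = 30 * 60 # seconds; hypothetical expiry window

  def initialize
    @rows = {}
  end

  # Sign-in: create a row and return the random token to put in the cookie.
  def create(user_id, now: Time.now)
    token = SecureRandom.urlsafe_base64(32)
    @rows[digest(token)] = { user_id: user_id, expires_at: now + TTL }
    token
  end

  # Per request: return the user id for a live session, or nil.
  def user_id_for(token, now: Time.now)
    return nil if token.nil? || token.empty?
    row = @rows[digest(token)]
    return nil unless row
    if now >= row[:expires_at]
      @rows.delete(digest(token)) # expired rows are purged on access
      return nil
    end
    row[:user_id]
  end

  # Sign-out: delete the row. The controller deletes the cookie as well.
  def destroy(token)
    !@rows.delete(digest(token.to_s)).nil?
  end

  def size
    @rows.size
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end
```

Deleting the row at sign-out is what keeps the table from growing, and it also means a copied cookie stops working the moment the user signs out.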
You should really check out the authlogic gem on github.
http://github.com/binarylogic/authlogic
It also has great instructions on how to set up your users.
Since Faisal has already said what I would say, I'll only answer the last part of your question:
"How will I access the current_user from within my views?"
Try something like this:
    class User < ...
      def self.current=(u)
        @current = u
      end
      def self.current
        @current
      end
    end
In your views (or any part of your code) you can call User.current. Your controller has to assign a validated user to User.current. Your filters can react to "if User.current.nil?" and so on.
If you want to be thread safe, you may use a thread variable instead of @current:
Thread.current[:current_user] = u
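Why the thread-variable form matters, as an added example that is not code from the answer: two requests handled on separate threads share a class-level `@current`, but each keeps its own `Thread.current[:current_user]`. `SharedUser`, `ThreadUser`, `user_seen_by_a` and the user names are constructed for illustration; the queues only force a fixed interleaving so the result is repeatable.

```ruby
# Class-level holder, the first form shown in the answer above.
class SharedUser
  def self.current=(u)
    @current = u
  end

  def self.current
    @current
  end
end

# Thread-local holder, the second form shown in the answer above.
class ThreadUser
  def self.current=(u)
    Thread.current[:current_user] = u
  end

  def self.current
    Thread.current[:current_user]
  end
end

# Constructed scenario: request A sets its user, request B then sets its own
# on another thread, and A reads the value back afterwards.
def user_seen_by_a(holder)
  a_set = Queue.new
  b_set = Queue.new
  a = Thread.new do
    holder.current = "alice"
    a_set << true
    b_set.pop        # block until B has assigned its own user
    holder.current   # what request A now believes its user is
  end
  b = Thread.new do
    a_set.pop        # run only after A has assigned its user
    holder.current = "bob"
    b_set << true
  end
  b.join
  seen = a.value
  holder.current = nil # leave the shared holder clean for the next call
  seen
end
```

With `SharedUser` request A ends up seeing "bob"; with `ThreadUser` it still sees "alice". Servers that reuse threads across requests also need the thread-local value cleared at the end of each request, or the next request on that thread inherits it.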
I want to access the session of a user from a different domain than the one where I initiated the session. Can I use session.session_id of the user and then retrieve the session hash of that user?
Thank you
If it's on a different domain (i.e., not a subdomain), there's no way to get the session info (cause it's stored in a cookie)—you'll need something else (see this question). If it's a subdomain, I think there's a neat way to do it automatically by setting the cookie's domain (look in environment.rb's config.action_controller.session, try setting :session_domain)
It looks like you could use something like:
CGI::Session::ActiveRecordStore::SqlBypass::find_by_session_id(session_id)
However, I'm not sure if that's a good idea or not -- and in this case it is only useful if you're using the ActiveRecordStore. Not sure what else is available on the other stores, but if you poke around under actionpack/lib/action_controller/session/* you'll probably get a more definitive answer.