ruby on rails - 'Login' form not accessing user database -

i trying build simple user authentication application. think problem 'login' form not pointing :user database. when create new user, have set auto-login. function works great, when go login same user in login form, returns error of "username null limit 1. using rails 4.2.5 . when go rails console, can see user still exists.

i apologize in advance horrible coding habits, i've been teaching myself. thank in advance help.

sessions controller:

class sessionscontroller < applicationcontroller     def new      end     def create      user = user.find_by_username(params[:username])      if user && user.authenticate(params[:username][:password])        session[:user_id] = user.id        redirect_to root_path, notice: "you logged in."      else         redirect_to '/login', notice: "incorrect email or password! "      end     end      def destroy        session[:user_id] = nil        redirect_to root_path, notice: "logged out."      end  end 

user model

class user < activerecord::base  has_secure_password  validates_uniqueness_of :username, :email  validates :password, length: {minimum: 6}, allow_blank: true  has_many :messages end 

login form

<div class="login"> <%= simple_form_for :sessions |f| %>   <%= f.input :username %>   <%= f.input :password %>   <%= f.button :submit, "login" %> <% end %> </div> 

when attempt login, terminal returns:

started post "/login" 127.0.0.1 @ 2016-06-02 00:02:15 -0400 processing sessionscontroller#create html parameters: {"utf8"=>"✓", "authenticity_token"=>"wnjzivl/xhaegdsjnani6lwldramigkm2kdwmsvlfxmh6fcwg1lorwg09wgsn2z3rizkreodkhz0gjeyfcw3yq==", "sessions"=>{"username"=>"crackerjack540", "password"=>"[filtered]"}, "commit"=>"login"} user load (0.2ms) select "users".* "users" "users"."username" null limit 1 redirected http://localhost:3000/login completed 302 found in 2ms (activerecord: 0.2ms)

username within session object, instead of this:

user = user.find_by_username(params[:username]) 

you should doing this:

user = user.find_by_username(params[:sessions][:username]) 

also, further below, access password:

user.authenticate(params[:sessions][:password]) 

hope helps!