rails 4 introduced different strategies, but we never configured one so it would default to a null session.
* Add User model * Add SessionsController * Add password authentication on User * Request authentication for all actions except sign in * Add some helpers for ApplicationController * Update features to work with mandatory authentication
rails new
