The Restful Authentication plugin seems to be the standard right now, although I'm staring to wish I'd tried something else, maybe AuthLogic... because restful_authentication is kind of poorly documented. One serious error of ommission is how the hell do you update your tests so that you can run them on controllers that require a logged in user? Well, I have had the pain, and so you can have the quick answer, here it is.

Assuming you are using ActionController::TestCase ... first edit test_helper.rb:

  # Add this helper function to test_helper.rb
# It will allow you to run any block under the aegis of
# a controller of your choosing. This is not something
# that is possibly by default
def run_with_controller( controller_class )
old_controller = @controller
@controller = controller_class.new
yield
@controller = old_controller
end

Now you can use that helper method in your test cases, in the setup function do this:

  def setup
run_with_controller(SessionsController) do
post :create, { :login => "george", :password => "monkey" }
end
end

What you're doing here is simply making a POST to the Restful Authentication SessionsController to "create" a new session, pass in a login/password that exists in your fixtures. And that's it.

By the way, if you chose to install with RSpec because of the dire warnings that old fashioned tests will be out of date, but aren't currently using RSpec for you other tests, you should copy the rspec fixture data into test/ so that you get the right password hashes. Tricky...