After logging into the application and then closing the browser completely, I re-open the browser expecting to be logged-out. However I am still logged in?
I am in section 8.2.3 Changing the layout links and apart from the above, the application looks and runs as expected. Also the code is as it is from the tutorial. I think these are the relevant files:
# Logs in the given user.
session[:user_id] = user.id
# Returns the current logged-in user (if any).
@current_user ||= User.find_by(id: session[:user_id])
# Returns true if the user is logged in, false otherwise.
class SessionsController < ApplicationController
user = User.find_by(email: params[:session][:email].downcase)
if user && user.authenticate(params[:session][:password])
flash.now[:danger] = 'Invalid email/password combination'
session is cleared when you close your browser, so you should be logged out automatically in this case. Some browsers remember your session anyway, though, as discussed in this footnote, and that could be what's going on here.