correctly handle failed login

app/controllers/sessions_controller.rb

@@ -1,6 +1,9 @@
 # frozen_string_literal: true
 
 class SessionsController < ApplicationController
+
+  LOGIN_FAILED = "Login failed due to invalid credentials. Are you sure you typed them correctly?"
+
   # GET /users/login
   def new
   end
@@ -14,8 +17,10 @@ class SessionsController < ApplicationController
   # POST /users/login
   def create
     user = User.find_by(email: session_params[:email])
-    if user.&authenticate(session_params[:password])
+    if user&.authenticate(session_params[:password])
       login(user)
+    else
+      redirect_to root_path, notice: LOGIN_FAILED
     end
   end