diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 470ae23..a27e49c 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -8,7 +8,7 @@ class SessionsController < ApplicationController
   end
 
   def create
-    if user = User.authenticate_by(params.permit(:email_address, :password))
+    if user = User.authenticate_by(params.except(:authenticity_token, :commit).permit(:email_address, :password))
       start_new_session_for user
       redirect_to after_authentication_url, notice: t("sessions.new.notice")
     else