Models don't have access to the session, so session[:user_id] is nil.
Sessions are a controller thing. One way I've seen this work is this:
1. Add a 'current_user' class property to your User model
2. Create a before_filter that sets this to the session[:user] on every
request (not just at login)
3. In your model code, use 'User.current_user' instead of session[:user]