Clean URL's and User Authentication

I've started programming rails, so my comments may not count for much, but actually, I think there's an easier solution to that problem: changing your routes.

search for the config directory, and you should find routes.rb . Near the bottom, there should be the line:   map.connect ':controller/:action/:id.:format'   map.connect ':controller/:action/:id' just take out the :id (and :id.format) part, and give that a try. I believe that so long as params[:id] holds the id value, the program will still manage to redirect as if you gave it the id value.

I have tried that and I get a routing error. Not sure why, cause the references I have say that should be a solution as well?? Thanks though, I'll keep trying,

Huh. You could attempt to use another unique parameter to pass in instead of the id (for example, username), but I doubt that'll improve anything, just make things more predictable...

I do have a solution for your second method. Assuming the model name is User, and assuming you are using sessions instead of cookie, just use the if/else statement:

You're Welcome! I'm glad I could help you! A little note: I was a little confused when you said session[:user] held the id. For security reasons, it's best only to hold the id; but if you say something like session[:user]=@user, it *should* store the whole object (I haven't tested this out, yet, so I don't know). In that case, yes, session[:user].id should work. As I mentioned before, though, that's a very bad idea. It means you're storing the password data into the sessions, and sessions are simply not as secure as databases are. If you need to keep any info about the user, only store the id, and leave the find method do all the work.