current user's session id?

To be a bit more clear, you can use whatever you want in the session, it doesn't have to be :id. It can be :user_id, :logged_in_user_id, whatever. But Patrick is correct in that the value has to get set when the user is logged in. If you're using something like acts_as_authenticated, it handles all of that for you and you can use

But if you're rolling your own like I do, then you set the session variable when the user successfully authenticates. Something like:

# find user by email and password
user = User.find_by_email_and_password(params[:email], params[:password])
if user
  session[:user_id] =
  redirect_to :controller => 'user', :action => 'home'
  flash[:error] = "Invalid login!"
  redirect_to :action => 'login'