To be a bit more clear, you can use whatever you want in the session, it doesn't have to be :id. It can be :user_id, :logged_in_user_id, whatever. But Patrick is correct in that the value has to get set when the user is logged in. If you're using something like acts_as_authenticated, it handles all of that for you and you can use
But if you're rolling your own like I do, then you set the session variable when the user successfully authenticates. Something like:
# find user by email and password
user = User.find_by_email_and_password(params[:email], params[:password])
session[:user_id] = user.id
redirect_to :controller => 'user', :action => 'home'
flash[:error] = "Invalid login!"
redirect_to :action => 'login'