To be a bit more clear, you can use whatever you want in the session, it doesn't have to be :id. It can be :user_id, :logged_in_user_id, whatever. But Patrick is correct in that the value has to get set when the user is logged in. If you're using something like acts_as_authenticated, it handles all of that for you and you can use
current_user.id
But if you're rolling your own like I do, then you set the session variable when the user successfully authenticates. Something like:
# find user by email and password user = User.find_by_email_and_password(params[:email], params[:password]) if user session[:user_id] = user.id redirect_to :controller => 'user', :action => 'home' else flash[:error] = "Invalid login!" redirect_to :action => 'login' end
Peace, Phillip