How to get a legit ActionController with a nil @session param ... read on

A browser sends a request (/main/index) so ROR creates an instance of main_controller and invokes the index action on it. main_controller has registered ``audit" as a before_filter. ``audit" is called first before ``index". so far so good.

def audit() does this:

        // the login_controller handles the login page and         // knows whether or not there's a valid login by         // inspecting the session param in a certain way         // which it encapsulates.         //         // remember: audit is a method inside main_controller         c =         if c.valid_user == true // if there's a valid login            . . .

The problem: when c.valid_user (that is LoginController.valid_user via the `c' object) attempts to read from it's @session param it is nil.

Conclusion: creates a new controller but its @session param is nil. Implication: During the normal course of routing action calls, the ROR framework creates your controller on your behalf via its class method .new and, at a later time, also sets the session variable for your.

The design goal here is simple: delegation: I can have exactly one class encapsulate all the authentication stuff. However my design is broken because of the unexpected problem of not accessing the @session pram