newbie question on usersession

all:
prob a stupid question.. new to ruby/rails.

I have a working ruby on rails app on my server. However, i don't
provide authentication service. (login etc).. In my workplace, there
is a centrally authenticated URL- if ppl go there first, they can get
authenticated. i thought i will put my html start page in this
centrally authenticated place(with a form and hidden param and
redirect to my ruby on rails server).

I however, want to prevent ppl directly using http://myServer/app/main

So,
in my main method, i do this
def controller_main
   @user = @params['user']
   if (@user == nil)
       redirect_to "http://goway.com" # basically send them to some no
accesspl
   end
end

This looked good.. but the problem is: i have other methods like list
def list
  # This lists all my data
  #here my check for @user always returns nil. Why?
end

Only main method gets access to the html hidden param 'user'. i dont
know why storing it in @user does not work (i thought its instance
variable).

Thanks for your reply. It still does not work for me.
It only works on access to my main page (since the html redirect is
passing a hidden param).
in the login server, my html page content is like this

the way i solved is using session[:user] = @params[‘user’]

and in other methods i just use the value of session[:user]