You are going to have to model parents as well as children, or require they enter the username/password for each child separately. Then in the before_filter of your actions you need to verify that the session contains the username for the requested child. When they provide a username and password store the username in the session. If they fail to enter the correct username and password be sure to clear the session values so they can not keep trying.
Michael
