problem with nil.user

When are you saving the user_id to the session?

You need to force a redirect to a login page if there is no session
[:user_id] and you should also handle the fact that session[:user_id]
may be nil in your is_logged_in? method.

Just to clarify - are you setting session[:user_id] in the user.login!
(session) call?
The other suggestions on handling a nil session[:user_id] (i.e. using
find_by_id) are the appropriate ways to handle the error.