problem with nil.user

When are you saving the user_id to the session?

You need to force a redirect to a login page if there is no session [:user_id] and you should also handle the fact that session[:user_id] may be nil in your is_logged_in? method.

Just to clarify - are you setting session[:user_id] in the user.login! (session) call? The other suggestions on handling a nil session[:user_id] (i.e. using find_by_id) are the appropriate ways to handle the error.

Eric