some question about before filter in rails 2.02

Hi guys,
  Following is a simple before filter under rails 2.02


class UsersController < ApplicationController

  skip_before_filter :authorize, :only => [:login]

  ## CRUD actions #####

  def login
      session[:user] = nil
      u = User.find_by_email params[:user][:email]
      unless u && u.password_equal?(params[:user][:password])
        session[:user] = u
        uri = session[:original_uri]
        session[:original_uri] = nil
        redirect_to(uri || {:action => :index})
        flash[:notice] = "the user name and email doesn't match!"



class ApplicationController < ActionController::Base
  helper :all # include all helpers, all the time

  # See ActionController::RequestForgeryProtection for details
  # Uncomment the :secret if you're not using the cookie session store
  protect_from_forgery # :secret => '4477fc7de98463482e367d7b0d4279eb'

  before_filter :authorize


  def authorize
    p "step to authorize"
    unless session[:user]
      flash[:notice] = "please login first..."
      session[:original_uri] = request.request_uri
      redirect_to(:controller => "users", :action => "login")

when I get the url http://localhost:3000/users, it always do loop in
action and "step to authorize" appears several times and I got the error

"Redirect Loop
  Firefox has detected that the server is redirecting the request for
this address in a way that will never complete.
The browser has stopped trying to retrieve the requested item. The site
is redirecting the request in a way that will never complete.
    * Have you disabled or blocked cookies required by this site?
    * NOTE: If accepting the site's cookies does not resolve the
problem, it is likely a server configuration issue and not your

  what's up? It seems it should work well, can anybody point this
  I am under ubuntu 8.04 LTS, thanks.