user pages how are they done

should a user's home page be invoked by a show then id => meaning /
show/id(of user)?? when they log into the application? because it
would be easy for another user to use /show/3 to access of another
user.

Whats the normal procedure when a user logs into your app to get to
his account page?

you store the id of the logged in user in the session.
then on the personal show page you only use the id
stored in the session to access his/her data.

You can use singular resources for the user, then
you do not even need to use the id in the url

map.resource :user
instead of
map.resources :user

will allow for that.

thin in the controller:
@user = User.find(session[:user_id])
and all data related by the user only from associations (eg he has
orders)
@user.orders.each dp |order|

That's roughly how to use Rails to make sure,
nobody can access data that's not his own

thanks i'll try it out once i have the chance