Untitled

class ApplicationController < ActionController::Base
  # Pick a unique cookie name to distinguish our session data from others'
  session :session_key => '_aesolutions_session_id'

  # Ensure all users are authenticated
  before_filter :check_authentication

  user_id = session[:user]
  @user = User.find(user_id)

  def check_authentication
    unless session[:user]
      session[:intended_action] = action_name
      session[:intended_controller] = controller_name
      redirect_to :action => "signin", :controller => "user"
    end
  end

end

class UserController < ApplicationController
  before_filter :check_authentication, :except => [:signin]

  # Allows a user to log in.
  def signin
    if request.post?
      begin
        session[:user] = User.authenticate(params[:username], params[:password]).id
        redirect_to :action => 'list', :controller => 'companies'
        # redirect_to :action => session[:intended_action],
        #            :controller => session[:intended_controller]
      rescue
        flash[:error] = "Username or password invalid."
      end
    end
  end

  # Logs a user out.
  def signout
    session[:user] = nil
    redirect_to login_url
  end

end

require 'digest/sha2'
class User < ActiveRecord::Base

  validates_uniqueness_of :username => '- that username already exists.'

  def self.authenticate(username, password)
    user = User.find(:first, :conditions => ['username = ?', username])
    if user.blank? ||
      Digest::SHA256.hexdigest(password + user.password_salt) != user.password_hash
      raise "Username or password invalid"
    end
    user
  end

  def password=(pass)
    salt = [Array.new(6){rand(256).chr}.join].pack("m").chomp
    self.password_salt, self.password_hash =
      salt, Digest::SHA256.hexdigest(pass + salt)
  end

end


For my application controller:

  user_id = session[:user]
  @user = User.find(user_id)

The first line causes:

Symbol as array index
./script/../config/../app/controllers/application.rb:11:in `[]'