Rails session -- current_user changes

I have a current_user variable set to the logged in user, this should be static for the duration of the session, but when I show one of 开发者_如何学Cthe other users, I seem to "become" that user, with all of its permissions (or lack thereof)

in my users controller:

def show
  @user = User.find(params[:id])

 respond_to do |format|
  format.html # show.html.erb
  format.xml  { render :xml => @user }
end
end

in my sessions helper:

  def current_user?(user)
    @current_user = user
  end

 def current_user
   @current_user ||= user_from_remember_token
 end

In my sidebar

<%= link_to current_user.username, :controller => 'users', :action => 'show', :id => current_user.id %></br>

This reflects the changing of the user (as does the new absence of additional "admin" links)

What am I missing?

The current_user? method is incorrect. It sets the current_user to user, instead of returning whether current_user is the same as user.

If you change it to the following everything will probably work as expected:

def current_user?(user)
  @current_user == user
end

Maybe your authentication system is storing the current user in both @current_user and @user -- so in your show action you are accidentally setting the current user to the user you are trying to show.

Try @user_to_show in your show action instead and see if that fixes it.