httpSession in Grails

I need to access the domain class User of the current session. The following code works:

class RatingController {    
def rate = {
    def rating = params.rating
    def artist = Artist.get( params.id )
    def user = User.get(1)
    user.addToRatings(new Rating(artist:artist, rating:rating))
    user.save()
    render(template: "/artist/rate", model: [artist: artist, rating: rating])
}
}

But instead of explicitly get the user with ID equal 1 (User.get(1)) I need to access the user of the current session. I tried the following code, but it doesn't work:

class RatingController {    
def rate = {
    def rating = params.rating
    def artist = Artist.get( params.id )
    def user = user.session
    user.addToRatings(new Rating(artist:artist, rating:rating))
    user.save()
    render(template: "/artist/rate", model: [artist: artist, rating: rating])
}
}

I'm still struggling to fully understand the httpSession concept, so a little help would be great. Thank in advance.

UPDATE

In my UserController, my authentication looks like this:

def authenticate = {
  def user = User.findByLoginAndPassword(params.login, params.password)
  if(user){
    session.user = user
    flash.message = "Hello ${user.name}!"
    redirect(controller:"event", action:"list")
  }else{
    flash.message = "Sorry, ${params.login}. Please try again."
    redirect(acti开发者_如何学运维on:"create")
  }
}

the http session is nothing more than data that is maintained among a sequence of requests from a single source, like a browser.

To put something on the session, just do

session.setAttribute("key", value)

and to get data off the session just do

session.getAttribute("key")

Grails also adds some fanciness to session access as outlined here. Their example shows

def user = session["user"]
session["user"] = "John"
asset "John" == session.user

Note that if you are using a grails plugin for authentication and authorization, it will probably provide a way to get the user. For example Spring Security gives you the following

springSecurityService.getCurrentUser()

depending on the details of your plugin, that user might or might not be on the session.

In your code I noticed you wrote

def user = user.session

When I think you mean

def user = session.user

The other thing I do is make it session.userId ie session.userId = user.id and then

def user = User.get(session.userId)

Not sure if that's necessary.

You'll need to use .merge():

user.merge(flush: true)

This is because the instance is detached from the persistence context when you save it to HttpSession. Here is the doc from grails: http://grails.org/doc/2.3.1/ref/Domain%20Classes/merge.html