Rails - Oct 2005 - update problem

Hey group,

Sorry this is so long, but I like to be explicit with my problems so as 
to not waste members time.

I''m having a strange update problem. I''m trying to update a
couple
fields in a record. I''ve created a user management function in an 
application and I want to have the user change the temporary, assigned 
password the first time they login. I''ve basically followed the 
"Administrativia" tutorial in the "Agile Web Development"
book, with a
few added features.

I''ve added a method (with an associated view) to the Login controller 
called "confirmation":

Login Controller code:
def confirmation
        if request.get?
            @user = User.new
            @id = session[:user_id]
        else
            @user = User.new(params[:user])
            confirm_user = @user.user_confirmation
           
            if confirm_user
                redirect_to(:action => "index")
                flash[:notice] = "Your password has been changed."
            end
        end
end

Here''s my thinking about how this works. If the browser sends a get 
request then display the form. That works fine. The form contains three 
fields. One hidden field containing the "user_id" and two text fields,
"password" and "password_confirmation". If the request is a
"post" then
get the parameters from the form and send the values to the "User" 
module. Create "confirm_user" using the "User" module and
parameters
used, with the user_confirmation method in the module. Here''s the code 
for that as well:

Hidden "user_id" field in the RHTML file:
<input id="user_id" name="user[id]"
type="hidden" value="11" />

User Module code:
def user_confirmation
        User.update_user(self.id, self.password)
end

def self.update_user(id, password)
        hashed_password = hash_password(password || "")
        user = User.find(id)
        user.update_attributes(    :password => hashed_password,
                                                        :confirmed_on => 
Time.now,
                                                        :temp_password 
=> password)
end


I use the "hash_password" method from the tutorial, which works great 
with the "add_user" method. I know changing the password is possible 
from the Controller, but I want to use the validation features in the 
module to validate the password, plus I need to hash the new password.

Problem:
So when I try this I can login, then I get forwarded to change my 
password. When I type the new password in twice and submit the form I 
get a RecordNotFound error "Couldn''t find User without an ID"
because
the "ID" is not passing to the "User" module. It shows up in
the
parameters of the page. Why are the parameters not passing to the module?

Thanks for the help.
Clint