A basic authentication scheme should go to some length to do a little bit of remembering in the event your user hits a restricted page before they are actually authenticated.
First, some context. I’ve got this in my ApplicationController:
def require_user
unless current_user
store_location
redirect_to login_path
[...]