Topic: "Big Picture" of authentication....ref: Beast or any Restful_Authentic

I'm loving my Rails adventure and thanks for all the help on these forums. I'm building my authentication strategy and have another 'newbie' question.
I observe in the Restful_Authentication examples put forth by the Beast and Ben Curtis's starter example that there are two points of entry for these applications. If the user is currently in the database, the entry point would be the Sessions.new. If the user has never been signed up for this site, it appears their point of entry is the Users.new.
What confounds me is how do application builders decide where to START the user on their sites? I find no link between the user failing at the Session.new and being directed to the User.new?
Could someone 'broad brush' this design idea for me?
Thank you,
Kathy