Pass in another Wheels model object to see if the two objects are the same.
compareTo() <!--- Load a user requested in the URL/form and restrict access if it doesn't match the user stored in the session --->
<cfset user = model("user").findByKey(params.key)>
<cfif not user.compareTo(session.user)>
<cfset renderPage(action="accessDenied")>
</cfif>