David came up with a quick tip for anyone stress testing protected pages with a stateless tester, such as siege.

1. Log in with your browser
2. View the cookies and find the session id (Firefox has a handy cookie search tool)
3. Prepend the queries with ?_session_id=YOURSESSIONID

Now, any requests made will be as though they came from your account.

Do you have any other handy tips for stress testing your Rails applications?