Gustavo de Sá Carvalho Honorato
2013-Jan-11 10:56 UTC
Different application session depending on path
Hi,

I have a multitenant app and each tenant 'lives' in a subdirectory of my app. For example:

http://www.myapp.com/tenant1
http://www.myapp.com/tenant2

The problem is that if a tenant1 user logs in he automatically gains access to tenant2 data, because my app is using the same session for all tenants path. One way to solve this issue is creating a new session depending on the path, but I can't figure out how to do that.

Is there any easy way to do that using Rails?

Thanks in advance,
Gustavo

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit https://groups.google.com/groups/opt_out.
tamouse mailing lists
2013-Jan-12 13:42 UTC
Re: Different application session depending on path
On Fri, Jan 11, 2013 at 4:56 AM, Gustavo de Sá Carvalho Honorato <gustavohonorato-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Hi,
>
> I have a multitenant app and each tenant 'lives' in a subdirectory of my
> app. For example:
>
> http://www.myapp.com/tenant1
> http://www.myapp.com/tenant2
>
> The problem is that if a tenant1 user logs in he automatically gains access
> to tenant2 data, because my app is using the same session for all tenants
> path. One way to solve this issue is creating a new session depending on the
> path, but I can't figure out how to do that.
>
> Is there any easy way to do that using Rails?

Issue a new session after they log in?

http://guides.rubyonrails.org/security.html#session-fixation-countermeasures
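
An added example, not code from either poster or from Rails: a plain-Ruby model of the behaviour discussed in this thread, where login issues a fresh session (the job `reset_session` does in a Rails controller) and binds it to the tenant in the login path, and every later request is checked against that tenant. `SessionStore`, `tenant_from_path` and `KNOWN_TENANTS` are hypothetical names, and the tenant list is constructed from the URLs in the question.

```ruby
require 'securerandom'

# Constructed tenant list, taken from the example URLs in the thread.
KNOWN_TENANTS = %w[tenant1 tenant2].freeze

# The first non-empty path segment names the tenant. An exact match is
# required, so "/tenant10/..." never resolves to "tenant1".
def tenant_from_path(path)
  segment = path.to_s.split('/').reject(&:empty?).first
  KNOWN_TENANTS.include?(segment) ? segment : nil
end

# Stand-in for a server-side session store: session id => session data.
class SessionStore
  def initialize
    @sessions = {}
  end

  # Login discards the pre-login session and issues a fresh id that is
  # bound to the tenant of the path the user logged in on.
  # Returns the new session id, or nil when the path names no known tenant.
  def login(old_sid, user, path)
    tenant = tenant_from_path(path)
    return nil unless tenant

    @sessions.delete(old_sid)
    sid = SecureRandom.hex(16)
    @sessions[sid] = { user: user, tenant: tenant }
    sid
  end

  # A request is authorized only when the session exists and its tenant
  # equals the tenant in the requested path. A mismatch is treated the
  # same as "not logged in".
  def authorized?(sid, path)
    data = @sessions[sid]
    tenant = tenant_from_path(path)
    !data.nil? && !tenant.nil? && data[:tenant] == tenant
  end
end
```

In a Rails controller the same check would sit in a filter that compares a tenant value stored in `session` at login with the tenant taken from the request path.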