Re: [Rails] Different application session depending on path

On Fri, Jan 11, 2013 at 4:56 AM, Gustavo de Sá Carvalho Honorato
<gustavohonorato@gmail.com> wrote:
> Hi,
>
> I have a multitenant app and each tenant 'lives' in a subdirectory of my
> app. For example:
>
> http://www.myapp.com/tenant1
> http://www.myapp.com/tenant2
>
> The problem is that if a tenant1 user logs in he automatically gains access
> to tenant2 data, because my app is using the same session for all tenants
> path. One way to solve this issue is creating a new session depending on the
> path, but I can't figure out how to do that.
>
> Is there any easy way to do that using Rails?

Issue a new session after they log in?
http://guides.rubyonrails.org/security.html#session-fixation-countermeasures

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.