Different application session depending on path

Hi,

I have a multitenant app and each tenant ‘lives’ in a subdirectory of my app. For example:

http://www.myapp.com/tenant1

http://www.myapp.com/tenant2

The problem is that if a tenant1 user logs in he automatically gains access to tenant2 data, because my app is using the same session for all tenants path. One way to solve this issue is creating a new session depending on the path, but I can’t figure out how to do that.

Is there any easy way to do that using Rails?

Thanks in advance,
Gustavo

Issue a new session after they log in?
http://guides.rubyonrails.org/security.html#session-fixation-countermeasures