rails session and multiple browser-tabs

In my rails application the flow is as follows:

  1. When the user visits the site for the first time, he can do nothing beside to sign in.
  2. For the sign-in-process an external session service (ESS) is used. As a result the user gets an ESS-ID. This ESS-ID is stored with the Rails-Session-ID in the rails-cache. The ESS knows permissions for the user. Theses permissions are different for different companies the user can work for. Say the user is allowed to work for company X with permissions aaa, bbb and he can work for company Y with permissions aaa. Depending on the permissions a menu structure is created in the frontend. Depending on the company a different header-layout is choosen so that the user always recognizes the company he is working for. The user can call other services from this site with the ESS-ID. Due to the ESS-ID the other services can request ESS for permissions and other stuff.
  3. The user can switch the company in the frontend. Three things happen here: a) The active company in the ESS-Session changes to the new company. b) The menu structure changes is rebuilt due to different permissions for the new company. c) The header-layout changes.

This works as long as the user does not open a new browser-tab or a new browser-window. However it is tempting to open multiple browser-tabs for every company we can work for. Imagine the user opens a first browser-tab with the default company for the user X. browser-tab 1: Rails-session(my_browser_unique_id) → ESS (id=my_unique_ess_id, company=X)

Then he opens a new tab and chooses company Y. browser-tab 2: Rails-session(my_browser_unique_id) → ESS (id=my_unique_ess_id, company=Y)

The problem is that obviously the second browser-tab invalids the first browser-tab.

My idea to solve the problem is as follows: When the user opens a new browser-tab the server must recognize: Ah, it is the same client-browser (same rails session id) but it comes from a new browser-tab. As a result we have to create a new ESS-session. After opening the second browser-tab we have the following picture:

Rails-session(my_browser_unique_id) → ESS (id=my_unique_ess_id, company=X) [for browser-tab-1] → ESS (id=another_unique_ess_id, company=X) [for browser-tab-2]

When the user changes the company in the second browser-tab we have

Rails-session(my_browser_unique_id) → ESS (id=my_unique_ess_id, company=X) → ESS (id=another_unique_ess_id, company=Y)

So on the rails-session we can have multiple ESS-Sessions attached.

My questions are:

  • Is my idea a way to go or do I understand something totally wrong?
  • What could be a unique identifier for a browser-tab/browser-window (I would have to send it to the server as a unique identifier for my working area tab1 or tab2 and so on)?
  • Exist already gems which address this problem?

Vlad