In my rails application the flow is as follows:
- When the user visits the site for the first time, he can do nothing besides sign in.
- For the sign-in process an external session service (ESS) is used. As a result the user gets an ESS-ID. This ESS-ID is stored with the Rails-Session-ID in the rails-cache. The ESS knows the permissions for the user. These permissions are different for different companies the user can work for. Say the user is allowed to work for company X with permissions aaa, bbb and he can work for company Y with permissions aaa. Depending on the permissions a menu structure is created in the frontend. Depending on the company a different header-layout is chosen so that the user always recognizes the company he is working for. The user can call other services from this site with the ESS-ID. Due to the ESS-ID the other services can request ESS for permissions and other stuff.
- The user can switch the company in the frontend. Three things happen here: a) The active company in the ESS-Session changes to the new company. b) The menu structure is rebuilt due to different permissions for the new company. c) The header-layout changes.
This works as long as the user does not open a new browser-tab or a new browser-window. However, it is tempting to open multiple browser-tabs for every company we can work for. Imagine the user opens a first browser-tab with the default company for the user X.
browser-tab 1: Rails-session(my_browser_unique_id) → ESS (id=my_unique_ess_id, company=X)
Then he opens a new tab and chooses company Y.
browser-tab 2: Rails-session(my_browser_unique_id) → ESS (id=my_unique_ess_id, company=Y)
The problem is that obviously the second browser-tab invalidates the first browser-tab.
My idea to solve the problem is as follows: When the user opens a new browser-tab the server must recognize: Ah, it is the same client-browser (same rails session id) but it comes from a new browser-tab. As a result we have to create a new ESS-session. After opening the second browser-tab we have the following picture:
Rails-session(my_browser_unique_id)
  → ESS (id=my_unique_ess_id, company=X) [for browser-tab-1]
  → ESS (id=another_unique_ess_id, company=X) [for browser-tab-2]
When the user changes the company in the second browser-tab we have
Rails-session(my_browser_unique_id)
  → ESS (id=my_unique_ess_id, company=X)
  → ESS (id=another_unique_ess_id, company=Y)
So on the rails-session we can have multiple ESS-Sessions attached.
My questions are:
- Is my idea a way to go or do I understand something totally wrong?
- What could be a unique identifier for a browser-tab/browser-window (I would have to send it to the server as a unique identifier for my working area tab1 or tab2 and so on)?
- Are there already gems which address this problem?
Vlad
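
The per-tab mapping proposed in the question, sketched as an added example that is not part of the original post: the server issues the tab id, and a lookup only ever selects among ESS sessions already attached to the caller's own Rails session. `FakeEss`, `TabSessionRegistry`, their methods and `MAX_TABS` are hypothetical names; the Hash stands in for the Rails cache, and the client is assumed to keep the tab id in per-tab storage (for example `sessionStorage`) and send it with each request.

```ruby
require "securerandom"

# Hypothetical stand-in for the external session service (ESS). The real ESS
# API is not shown on the page, and user authentication is not modelled here.
class FakeEss
  def initialize; @sessions = {}; end

  def create_session(company)
    id = SecureRandom.hex(16)
    @sessions[id] = company
    id
  end

  def switch_company(ess_id, company)
    @sessions.fetch(ess_id) # raises KeyError for an unknown ESS-ID
    @sessions[ess_id] = company
  end

  def company(ess_id); @sessions.fetch(ess_id); end
end

# Maps (Rails session id, tab id) -> ESS-ID. The Hash stands in for the Rails cache.
class TabSessionRegistry
  class UnknownTab < StandardError; end
  MAX_TABS = 10 # constructed limit: one browser session cannot create unbounded ESS sessions

  def initialize(ess, store = {})
    @ess = ess
    @store = store
  end

  # A request without a tab id means a new tab: create its own ESS session.
  def open_tab(rails_session_id, default_company)
    tabs = (@store[rails_session_id] ||= {})
    raise ArgumentError, "too many tabs" if tabs.size >= MAX_TABS
    tab_id = SecureRandom.urlsafe_base64(16) # issued by the server, not chosen by the client
    tabs[tab_id] = @ess.create_session(default_company)
    tab_id
  end

  # The tab id is a selector, not a credential: it is resolved only inside
  # the caller's own Rails session, so a tab id from another session fails.
  def ess_id_for(rails_session_id, tab_id)
    @store.fetch(rails_session_id, {}).fetch(tab_id) { raise UnknownTab, "tab not in this session" }
  end

  def switch_company(rails_session_id, tab_id, company)
    @ess.switch_company(ess_id_for(rails_session_id, tab_id), company)
  end
end
```

Because the tab id travels in client-controlled data, the Rails session cookie remains the only thing that authenticates the browser; the tab id just picks which attached ESS session a request uses.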