On Fri, Jan 11, 2013 at 4:56 AM, Gustavo de Sá Carvalho Honorato <[email protected]> wrote: > Hi, > > I have a multitenant app and each tenant 'lives' in a subdirectory of my > app. For example: > > http://www.myapp.com/tenant1 > http://www.myapp.com/tenant2 > > The problem is that if a tenant1 user logs in he automatically gains access > to tenant2 data, because my app is using the same session for all tenants > path. One way to solve this issue is creating a new session depending on the > path, but I can't figure out how to do that. > > Is there any easy way to do that using Rails?
Issue a new session after they log in? http://guides.rubyonrails.org/security.html#session-fixation-countermeasures -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
