Ruby on Rails Wednesday, February 1, 2017

In my rails application the flow is as follows:

1. When the user visits the site for the first time, he can do nothing besides
   sign in.
2. For the sign-in-process an external session service (ESS) is used. As a result
   the user gets an ESS-ID. This ESS-ID is stored with the Rails-Session-ID in
   the rails-cache. The ESS knows permissions for the user. These permissions
   are different for different companies the user can work for.
   Say the user is allowed to work for company X with permissions aaa, bbb
   and he can work for company Y with permissions aaa.
   Depending on the permissions a menu structure is created in the frontend.
   Depending on the company a different header-layout is chosen so that the
   user always recognizes the company he is working for.
   The user can call other services from this site with the ESS-ID. Due to
   the ESS-ID the other services can request ESS for permissions and other stuff.
3. The user can switch the company in the frontend. Three things happen here:
   a) The active company in the ESS-Session changes to the new company.
   b) The menu structure is rebuilt due to different permissions for the
      new company.
   c) The header-layout changes.

This works as long as the user does not open a new browser-tab or a new
browser-window. However it is tempting to open multiple browser-tabs for every
company we can work for. Imagine the user opens a first browser-tab with the
default company for the user X.
browser-tab 1:
   Rails-session(my_browser_unique_id) --> ESS (id=my_unique_ess_id, company=X)

Then he opens a new tab and chooses company Y.
browser-tab 2:
  Rails-session(my_browser_unique_id) --> ESS (id=my_unique_ess_id, company=Y)

The problem is that obviously the second browser-tab invalidates the first browser-tab.

My idea to solve the problem is as follows:
When the user opens a new browser-tab the server must recognize:
Ah, it is the same client-browser (same rails session id) but it comes from
a new browser-tab. As a result we have to create a new ESS-session.
After opening the second browser-tab we have the following picture:

Rails-session(my_browser_unique_id) --> ESS (id=my_unique_ess_id, company=X) [for browser-tab-1]
                                    --> ESS (id=another_unique_ess_id, company=X) [for browser-tab-2]

When the user changes the company in the second browser-tab we have

Rails-session(my_browser_unique_id) --> ESS (id=my_unique_ess_id, company=X)
                                    --> ESS (id=another_unique_ess_id, company=Y)

So on the rails-session we can have multiple ESS-Sessions attached.

My questions are:
- Is my idea a way to go or do I understand something totally wrong?
- What could be a unique identifier for a browser-tab/browser-window (I would have to send it to the server as a unique identifier for my working area tab1 or tab2 and so on)?
- Do gems already exist which address this problem?

Vlad
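
The mapping described in the post (one Rails session with several ESS sessions, one per tab), as an added example that is not part of the original message. It assumes the browser sends a random 32-hex-character tab id with each request (for example one kept in sessionStorage); `FakeEss`, `TabSessionRegistry` and their methods are hypothetical names, and a plain Hash stands in for the Rails cache.

```ruby
require "securerandom"

# Hypothetical stand-in for the ESS client. The real ESS API is not shown
# in the post; this only records which company each ESS session is on.
class FakeEss
  attr_reader :companies

  def initialize
    @companies = {}
  end

  def create_session(company)
    id = SecureRandom.hex(16)
    @companies[id] = company
    id
  end

  def switch_company(ess_id, company)
    @companies.fetch(ess_id) # KeyError for unknown ESS ids
    @companies[ess_id] = company
  end
end

# Maps (Rails session id, tab id) -> ESS session id. The tab id is chosen by
# the browser, so it is only a lookup key underneath the server-side Rails
# session and never grants access to an ESS session on its own.
class TabSessionRegistry
  TAB_ID_FORMAT = /\A[0-9a-f]{32}\z/
  MAX_TABS = 5 # assumed cap so a client cannot create unbounded ESS sessions

  def initialize(ess, store = {})
    @ess = ess
    @store = store # stand-in for the Rails cache
  end

  # Returns the tab's ESS id, creating a new ESS session for a new tab.
  def ess_id_for(rails_session_id, tab_id, default_company)
    raise ArgumentError, "malformed tab id" unless TAB_ID_FORMAT.match?(tab_id.to_s)
    tabs = (@store[rails_session_id] ||= {})
    return tabs[tab_id] if tabs.key?(tab_id)
    raise ArgumentError, "too many tabs" if tabs.size >= MAX_TABS
    tabs[tab_id] = @ess.create_session(default_company)
  end

  # Switches company for one tab only; KeyError if this session has no such tab.
  def switch_company(rails_session_id, tab_id, company)
    ess_id = @store.fetch(rails_session_id, {}).fetch(tab_id)
    @ess.switch_company(ess_id, company)
  end
end
```

Because the ESS id is always looked up server-side from the Rails session, a tab id copied into another browser resolves to nothing there.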
