Ruby on Rails Wednesday, February 1, 2017

In my rails application the flow is as follows:

1. When the user visits the site for the first time, he can do nothing besides
   sign in.
2. For the sign-in-process an external session service (ESS) is used. As a result
   the user gets an ESS-ID. This ESS-ID is stored with the Rails-Session-ID in
   the rails-cache. The ESS knows permissions for the user. These permissions
   are different for different companies the user can work for.
   Say the user is allowed to work for company X with permissions aaa, bbb
   and he can work for company Y with permissions aaa.
   Depending on the permissions a menu structure is created in the frontend.
   Depending on the company a different header-layout is chosen so that the
   user always recognizes the company he is working for.
   The user can call other services from this site with the ESS-ID. Due to
   the ESS-ID the other services can request ESS for permissions and other stuff.
3. The user can switch the company in the frontend. Three things happen here:
   a) The active company in the ESS-Session changes to the new company.
   b) The menu structure is rebuilt due to different permissions for the
      new company.
   c) The header-layout changes.

This works as long as the user does not open a new browser-tab or a new
browser-window. However it is tempting to open multiple browser-tabs for every
company we can work for. Imagine the user opens a first browser-tab with the
default company for the user X.
browser-tab 1:
   Rails-session(my_browser_unique_id) --> ESS (id=my_unique_ess_id, company=X)

Then he opens a new tab and chooses company Y.
browser-tab 2:
  Rails-session(my_browser_unique_id) --> ESS (id=my_unique_ess_id, company=Y)

The problem is that obviously the second browser-tab invalidates the first browser-tab.

My idea to solve the problem is as follows:
When the user opens a new browser-tab the server must recognize:
Ah, it is the same client-browser (same rails session id) but it comes from
a new browser-tab. As a result we have to create a new ESS-session.
After opening the second browser-tab we have the following picture:

Rails-session(my_browser_unique_id) --> ESS (id=my_unique_ess_id, company=X) [for browser-tab-1]
                                    --> ESS (id=another_unique_ess_id, company=X) [for browser-tab-2]

When the user changes the company in the second browser-tab we have

Rails-session(my_browser_unique_id) --> ESS (id=my_unique_ess_id, company=X)
                                    --> ESS (id=another_unique_ess_id, company=Y)

So on the rails-session we can have multiple ESS-Sessions attached.

My questions are:
- Is my idea a way to go or do I understand something totally wrong?
- What could be a unique identifier for a browser-tab/browser-window (I would have to send it to the server as a unique identifier for my working area tab1 or tab2 and so on)?
- Are there already gems which address this problem?


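Added example, not part of the original post: a plain-Ruby sketch of the mapping the message describes, where one Rails session holds a separate ESS session per browser tab. `FakeEss`, `TabSessions`, the tab-id format and the tab limit are assumptions, the Hash stands in for the Rails cache, and the tab id is assumed to be generated in the browser (for instance kept in `sessionStorage`, which is scoped per tab) and sent with each request.

```ruby
require 'securerandom'

# Stand-in for the external session service (ESS); hypothetical, in-memory.
class FakeEss
  def initialize
    @sessions = {}
  end

  def create(user, company)
    id = SecureRandom.hex(16)
    @sessions[id] = { user: user, company: company }
    id
  end

  def switch_company(ess_id, company)
    @sessions.fetch(ess_id)[:company] = company
  end

  def company(ess_id)
    @sessions.fetch(ess_id)[:company]
  end
end

# Rails session id -> { tab id -> ESS id }. The Hash stands in for the Rails cache.
class TabSessions
  TAB_ID   = /\A[0-9a-f]{32}\z/ # assumed format: 128-bit hex token
  MAX_TABS = 8                  # assumed cap on ESS sessions per Rails session

  def initialize(ess, store = {})
    @ess = ess
    @store = store
  end

  # tab_id comes from the client, so it is only a key inside this Rails
  # session's own map and can never select another session's ESS id.
  def ess_id_for(rails_sid, tab_id, user:, default_company:)
    raise ArgumentError, 'malformed tab id' unless TAB_ID.match?(tab_id.to_s)
    tabs = (@store[rails_sid] ||= {})
    return tabs[tab_id] if tabs.key?(tab_id)
    raise 'tab limit reached' if tabs.size >= MAX_TABS
    tabs[tab_id] = @ess.create(user, default_company)
  end
end
```

The Rails session cookie remains the only credential here: a tab id that is guessed or copied from another user resolves to nothing outside the caller's own session, and the cap bounds how many ESS sessions one browser can create.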