Ruby on Rails
Wednesday, February 1, 2017
In my rails application the flow is as follows:
1. When the user visits the site for the first time, he can do nothing besides
sign in.
2. For the sign-in-process an external session service (ESS) is used. As a result
the user gets an ESS-ID. This ESS-ID is stored with the Rails-Session-ID in
the rails-cache. The ESS knows permissions for the user. These permissions
are different for different companies the user can work for.
Say the user is allowed to work for company X with permissions aaa, bbb
and he can work for company Y with permissions aaa.
Depending on the permissions a menu structure is created in the frontend.
Depending on the company a different header-layout is chosen so that the
user always recognizes the company he is working for.
The user can call other services from this site with the ESS-ID. Due to
the ESS-ID the other services can request ESS for permissions and other stuff.
3. The user can switch the company in the frontend. Three things happen here:
a) The active company in the ESS-Session changes to the new company.
b) The menu structure is rebuilt due to different permissions for the
new company.
c) The header-layout changes.
This works as long as the user does not open a new browser-tab or a new
browser-window. However it is tempting to open multiple browser-tabs for every
company we can work for. Imagine the user opens a first browser-tab with the
default company for the user X.
browser-tab 1:
Rails-session(my_browser_unique_id) --> ESS (id=my_unique_ess_id, company=X)
Then he opens a new tab and chooses company Y.
browser-tab 2:
Rails-session(my_browser_unique_id) --> ESS (id=my_unique_ess_id, company=Y)
The problem is that obviously the second browser-tab invalidates the first browser-tab.
My idea to solve the problem is as follows:
When the user opens a new browser-tab the server must recognize:
Ah, it is the same client-browser (same rails session id) but it comes from
a new browser-tab. As a result we have to create a new ESS-session.
After opening the second browser-tab we have the following picture:
Rails-session(my_browser_unique_id) --> ESS (id=my_unique_ess_id, company=X) [for browser-tab-1]
                                    --> ESS (id=another_unique_ess_id, company=X) [for browser-tab-2]
When the user changes the company in the second browser-tab we have
Rails-session(my_browser_unique_id) --> ESS (id=my_unique_ess_id, company=X)
                                    --> ESS (id=another_unique_ess_id, company=Y)
So on the rails-session we can have multiple ESS-Sessions attached.
My questions are:
- Is my idea a way to go or do I understand something totally wrong?
- What could be a unique identifier for a browser-tab/browser-window (I would have to send it to the server as a unique identifier for my working area tab1 or tab2 and so on)?
- Do gems already exist which address this problem?
Vlad
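
One way to realize the mapping asked about above, as an added example that is not part of the original post: the server issues a random id per tab and resolves it only within the Rails session it was issued for, so the tab id selects an ESS session but never acts as a credential on its own. FakeEss, TabSessionRegistry, MAX_TABS and the Hash used in place of the Rails cache are assumptions for illustration; the client is assumed to keep the tab id in per-tab storage such as sessionStorage and send it with each request.

```ruby
require "securerandom"

# Hypothetical in-memory stand-in for the external session service (ESS).
class FakeEss
  def initialize
    @sessions = {}
  end

  def create_session(user, company)
    ess_id = SecureRandom.hex(16)
    @sessions[ess_id] = { user: user, company: company }
    ess_id
  end

  def switch_company(ess_id, company)
    @sessions.fetch(ess_id)[:company] = company
  end

  def company(ess_id)
    @sessions.fetch(ess_id)[:company]
  end
end

# Maps (Rails session id, tab id) -> ESS id; a Hash stands in for the Rails cache.
class TabSessionRegistry
  MAX_TABS = 10 # constructed limit so one browser cannot create unbounded ESS sessions

  def initialize(ess, store = {})
    @ess = ess
    @store = store
  end

  # New tab/window: the server, not the client, generates the tab id.
  def open_tab(rails_session_id, user, company)
    tabs = (@store[rails_session_id] ||= {})
    raise ArgumentError, "too many tabs" if tabs.size >= MAX_TABS

    tab_id = SecureRandom.uuid
    tabs[tab_id] = @ess.create_session(user, company)
    tab_id
  end

  # The tab id only selects among ESS sessions already bound to this Rails
  # session; an id from another session resolves to nil.
  def ess_id_for(rails_session_id, tab_id)
    @store.fetch(rails_session_id, {})[tab_id]
  end
end
```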