Forum: Ruby on Rails two authenticated users simultaneously in same browser

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Dfc408d15775d88aa1a0675744cd70f6?d=identicon&s=25 Jeff Cole (Guest)
on 2006-02-08 20:44
What is a good solution for the situation where someone logs in to your
site in their same browser as a second user (say in a new tab) without
logging out the first user?  When they go back to the first tab, they
expect to be browsing as the first user, but because the user
authentication is valid for the whole browser, they are really browsing
as the second user.   There is potential here for confusion and possible
security issues.

You can tell people that if you want to use two accounts simultaneously
you should open a new browser.  Or, you can append every URL with a
session ID and make sure it matches the session ID of the authenticated
user.

Any other suggestions?

thanks,
jeff
This topic is locked and can not be replied to.