Im currently creating a multi tenancy system in rails 5 using the gem Apartment
I have a Tenant model which contains a Name and Tenant so I can create individual tenants (or companies).
Each tenant has a users table. When a user logs in I set a session containing the user_id. The problem is when I switch subdomains it then picks up the user id from the second tenant and shows me logged in as them.
for example: on tenantA im logged in a Brad (user_id:1 on tenantA user table) when I switch to tenantB im logged in as Dave (user_id:1 on tenantB user table)
Obviously this is no good as you can access data from another tenant.
Im just not really sure how to restrict users access to only their tenant. I think maybe some sort of scope on the session so it only applies the session to the current subdomain and not all of them, but not sure how to do this.
Has anyone done this before that could help me? Not sure what code to paste here but just let me know and I will post my code.
Thanks in advance
