Feature: Tenant-Isolated Sessions and Authentication #4
Labels
No labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
psycodepath/hrp#4
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Motivation
Authentication and session cookies must be isolated so that a session from one tenant is not valid on another tenant.
Description
Configure PHP session cookie paths/domains to be isolated per tenant subdomain, and partition session variables or user entities by tenant database.
User Story
As a user, I want my session to be valid only on my household's subdomain so that I am not logged into other households.
Gherkin Feature
Acceptance Criteria