Closed rbclark closed 11 years ago
Hi rbclark,
What I recommend is to find the order record based on the id of your authenticated user. In your orders table, do you have a column for user_id or client_id or something like that that ties the orders to a given user?
If you look at the example on the wepay-rails readme, you'll see we get the cart based on the current_account object. I agree that using the session to store an order id is not a good idea.
Are you using devise or some other authentication gem? What does your orders table look like?
Thanks - Adam
Thank you very much for your reply! Thats where I've been running into a problem, as of right now I am attempting to achieve the setup without actually adding an authentication system, more or less users place the order and thats it. The orders table structure is as follows:
t.integer "item_id"
t.string "name"
t.string "email"
t.string "street_address"
t.string "city"
t.string "state"
t.integer "quantity"
t.decimal "total"
t.boolean "paid", :default => false
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
It seems with my setup however the only way of reliably pulling off what I am trying to do is by hooking the order and the checkout record ID together before redirecting which doesn't seem possible.
Could you use the reference_id field in the Wepay checkout to store the order_id and then look it up using it in the FinalizeController?
Agreed.....
Thank you very much for pointing out the existence of that, I did originally try that however it caused an error the first time, most likely due to my mistake. I just went and tried it out again and it worked flawlessly, thank you again for this and the great gem!
You're welcome! Glad the gem is working out for you.
Hello!
First off, I want to say thank you for this gem, I have been using it for a project and it has been working nicely. I have been running into 1 problem however and I was hoping someone could point me in the right direction of patching it. I followed the setup example on the homepage however I noticed that in doing so I opened up a bit of a security hole in my site.
I have modified my checkout controller to be as follows
and my finalize controller to be:
However I have noticed that since I am using the session, if a user goes back and creates a new order then they are able to override the first order stored in the session. I have tried looking into a way to save the session in the checkout controller however I have not found a way to do so. Am I missing something here that might work to get rid of this issue?