drhenner / ror_ecommerce

Ruby on Rails Ecommerce platform, perfect for your small business solution.
www.ror-e.com
MIT License

Log in on checkout #112

Closed DTwigs closed 11 years ago

DTwigs commented 11 years ago

Hey David, after 20 minutes the app requires you to log in again when trying to check out. Is there a way to remove this from my code? It's a bit confusing and I'm not saving credit cards so it isn't much of a security risk.

drhenner commented 11 years ago

Yes you can remove it...

In shopping/base_controller.rb change from

def not_secure?
  !current_user ||
  session[:authenticated_at].nil? ||
  (Time.now - session[:authenticated_at] > (60 * 20) ) || ## 20 minutes
  (cookies[:insecure].nil? || cookies[:insecure] == true)#
end

to

def not_secure?
  !current_user
end

I don't recommend removing it, just as a best practice. BTW: I will not remove it from the main repo.

DTwigs commented 11 years ago

Yeah, I wouldn't expect you to. Though I did notice a bug with it, I think. I was logged in as one test account. And it prompted me for my info on checkout and I typed in the credentials of a different account and it gave a page error. It had to do with the order # not existing for that user.
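
An added example, not code from ror_ecommerce or from either commenter: a stand-alone sketch of the 20-minute freshness check discussed above, extended so that a step-up login with a different account is refused instead of leaving the session pointing at an order the new user does not own. The `ReauthGate` module, its method names and the `:user_id` session key are hypothetical, and the sample sessions are constructed.

```ruby
require "time"

# Added illustration; ReauthGate and its method names are hypothetical,
# not part of ror_ecommerce.
module ReauthGate
  WINDOW = 20 * 60 # seconds, the 20-minute limit from the thread

  # Assumption: the session store may return the timestamp as a Time or
  # as a String (e.g. after JSON serialisation), so normalise it first.
  def self.authenticated_at(session)
    raw = session[:authenticated_at]
    return nil if raw.nil?
    raw.is_a?(Time) ? raw : Time.parse(raw.to_s)
  rescue ArgumentError
    nil # an unparseable value is treated as "never authenticated"
  end

  # True when the user must log in again before checkout.
  def self.stale?(session, now: Time.now, window: WINDOW)
    at = authenticated_at(session)
    return true if session[:user_id].nil? || at.nil?
    return true if at > now # timestamp in the future: do not trust it
    now - at > window
  end

  # Step-up login: refresh the timestamp only when the verified credentials
  # belong to the account that already owns the session (and its order).
  def self.reauthenticate(session, verified_user_id, now: Time.now)
    if session[:user_id] && session[:user_id] != verified_user_id
      return :account_mismatch # leave session and order untouched
    end
    session[:user_id] = verified_user_id
    session[:authenticated_at] = now
    :ok
  end
end

# Constructed sample sessions
now   = Time.utc(2024, 1, 1, 12, 0, 0)
fresh = { user_id: 1, authenticated_at: now - 5 * 60 }
old   = { user_id: 1, authenticated_at: (now - 25 * 60).iso8601 }
puts ReauthGate.stale?(fresh, now: now)           # 5 minutes old
puts ReauthGate.stale?(old, now: now)             # 25 minutes old
puts ReauthGate.reauthenticate(old, 2, now: now)  # other account's credentials
puts ReauthGate.reauthenticate(old, 1, now: now)  # same account
```

On `:account_mismatch` a controller would either show a login error or deliberately sign the first user out and start a new order, rather than continue with the old order id.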