summaryrefslogtreecommitdiff
path: root/talermerchantdemos
diff options
context:
space:
mode:
authorFlorian Dold <florian.dold@gmail.com>2020-08-10 17:19:39 +0530
committerFlorian Dold <florian.dold@gmail.com>2020-08-10 17:19:39 +0530
commit4a7b7898214c748e75cf63787dd8c805b4f102e0 (patch)
tree5666d391ae338030c7d1ba2198617ce8590afc2c /talermerchantdemos
parentd429ea577fc5af028b0d5f3ed309fc96155e8240 (diff)
downloadtaler-merchant-demos-4a7b7898214c748e75cf63787dd8c805b4f102e0.tar.gz
taler-merchant-demos-4a7b7898214c748e75cf63787dd8c805b4f102e0.tar.bz2
taler-merchant-demos-4a7b7898214c748e75cf63787dd8c805b4f102e0.zip
use session cookies for order ID
Diffstat (limited to 'talermerchantdemos')
-rw-r--r--talermerchantdemos/blog/blog.py15
1 files changed, 2 insertions, 13 deletions
diff --git a/talermerchantdemos/blog/blog.py b/talermerchantdemos/blog/blog.py
index 1e25555..defc158 100644
--- a/talermerchantdemos/blog/blog.py
+++ b/talermerchantdemos/blog/blog.py
@@ -212,7 +212,7 @@ def article(article_name, data=None):
# bound to a browser. This forces re-play and prevents sharing the article
# by just sharing the URL.
session_id = flask.session.get("session_id")
- order_id = flask.request.args.get("order_id")
+ order_id = flask.session.args.get("order_id")
if not session_id:
session_id = flask.session["session_id"] = str(uuid.uuid4())
@@ -235,9 +235,7 @@ def article(article_name, data=None):
)
order_resp = backend_post(BACKEND_URL, "private/orders", dict(order=order))
order_id = order_resp["order_id"]
- return flask.redirect(
- flask.url_for("article", article_name=article_name, order_id=order_id)
- )
+ flask.session["order_id"] = order_id
# Prepare data for the upcoming payment check.
pay_status = backend_get(
@@ -264,15 +262,6 @@ def article(article_name, data=None):
# Finally return the article.
return render_article(article_name, data, order_id)
- if pay_status.get("already_paid_order_id") is not None:
- return flask.redirect(
- flask.url_for(
- "article",
- article_name=article_name,
- order_id=pay_status.get("already_paid_order_id"),
- )
- )
-
##
# Redirect the browser to a page where the wallet can
# run the payment protocol.