From 4a7b7898214c748e75cf63787dd8c805b4f102e0 Mon Sep 17 00:00:00 2001
From: Florian Dold
Date: Mon, 10 Aug 2020 17:19:39 +0530
Subject: use session cookies for order ID
---
 talermerchantdemos/blog/blog.py | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)
(limited to 'talermerchantdemos/blog')
diff --git a/talermerchantdemos/blog/blog.py b/talermerchantdemos/blog/blog.py
index 1e25555..defc158 100644
--- a/talermerchantdemos/blog/blog.py
+++ b/talermerchantdemos/blog/blog.py
@@ -212,7 +212,7 @@ def article(article_name, data=None):
 # bound to a browser. This forces re-play and prevents sharing the article
 # by just sharing the URL.
 session_id = flask.session.get("session_id")
- order_id = flask.request.args.get("order_id")
+ order_id = flask.session.args.get("order_id")
 if not session_id:
 session_id = flask.session["session_id"] = str(uuid.uuid4())
@@ -235,9 +235,7 @@ def article(article_name, data=None):
 )
 order_resp = backend_post(BACKEND_URL, "private/orders", dict(order=order))
 order_id = order_resp["order_id"]
- return flask.redirect(
- flask.url_for("article", article_name=article_name, order_id=order_id)
- )
+ flask.session["order_id"] = order_id
 # Prepare data for the upcoming payment check.
 pay_status = backend_get(
@@ -264,15 +262,6 @@ def article(article_name, data=None):
 # Finally return the article.
 return render_article(article_name, data, order_id)
- if pay_status.get("already_paid_order_id") is not None:
- return flask.redirect(
- flask.url_for(
- "article",
- article_name=article_name,
- order_id=pay_status.get("already_paid_order_id"),
- )
- )
-
 ##
 # Redirect the browser to a page where the wallet can
 # run the payment protocol.
-- 
cgit v1.2.3
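Review bot: The new lookup in the first hunk, `order_id = flask.session.args.get("order_id")`, reads an `args` attribute that Flask's session object does not have; `args` belongs to `flask.request`, while the session is a dict-like mapping. As written, the line would raise AttributeError on every request to article() before the payment check is reached. The intended form is presumably `order_id = flask.session.get("order_id")`, matching the `flask.session.get("session_id")` call on the line above. The body of article() starts and ends outside this hunk, so any later handling of order_id is not visible here.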
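Review bot: The value stored in the second hunk, `flask.session["order_id"] = order_id`, uses one session key for all articles, whereas the removed redirect carried the order ID in that article's own URL. Unless code outside this hunk verifies that the order belongs to article_name, an order created or paid for one article could be picked up by the payment check when a different article is opened in the same session. Binding the stored ID to the article would preserve the per-article check, for example `flask.session["order_id_" + article_name] = order_id`, with the matching per-article lookup in the first hunk. The surrounding function continues beyond the hunk, so the check may already exist further down.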