taler-docs

Documentation for GNU Taler components, APIs and protocols
Log | Files | Refs | README | LICENSE
commit e822824d8b012bbadd06c31f410dbe2bdf65f543
parent cc673337e08b66d1adac3ae9bc4e5893e73ab835
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sun,  9 Aug 2020 13:17:33 +0200

move order-ID into cookie

Diffstat:

Mdesign-documents/007-payment.rst | 26++++++++++++++------------


1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/design-documents/007-payment.rst b/design-documents/007-payment.rst
@@ -179,23 +179,25 @@ Covered Scenarios
   It will then prove the payment of the **old** order ID under the **new** session ID.
 
 
-Problematic Scenarios
----------------------
+* **Bookmarks of Lost Purchases / Social Sharing of Fulfillment URLs**
+
+  FIXME: explain how we covered this by moving order ID into session cookie!
+  Let's say I bought some article a few months ago and I lost my wallet. I still have the augmented fulfillment URL
+  for the article bookmarked.  When I re-visit the URL, I will be prompted via QR code, but I can *never* prove
+  that I already paid, because I lost my wallet!
 
-Bookmarks of Lost Purchases / Social Sharing of Fulfillment URLs
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+  In this case, it might make sense to include some "make new purchase" link on the client order status page.
+  It's not clear if this is a common/important scenario though.
 
-Let's say I bought some article a few months ago and I lost my wallet. I still have the augmented fulfillment URL
-for the article bookmarked.  When I re-visit the URL, I will be prompted via QR code, but I can *never* prove
-that I already paid, because I lost my wallet!
+  But we might want to make clear on the client order status page that it's showing a QR code for something
+  that was already paid.
 
-In this case, it might make sense to include some "make new purchase" link on the client order status page.
-It's not clear if this is a common/important scenario though.
+  The same concern applies when sending the fulfillment URL of a paid paywalled Web resource to somebody else.
 
-But we might want to make clear on the client order status page that it's showing a QR code for something
-that was already paid.
 
-The same concern applies when sending the fulfillment URL of a paid paywalled Web resource to somebody else.
+
+Problematic Scenarios
+---------------------
 
 The Back Button
 ^^^^^^^^^^^^^^^