commit 4a7b7898214c748e75cf63787dd8c805b4f102e0
parent d429ea577fc5af028b0d5f3ed309fc96155e8240
Author: Florian Dold <florian.dold@gmail.com>
Date: Mon, 10 Aug 2020 17:19:39 +0530
use session cookies for order ID
Diffstat:
1 file changed, 2 insertions(+), 13 deletions(-)
diff --git a/talermerchantdemos/blog/blog.py b/talermerchantdemos/blog/blog.py
@@ -212,7 +212,7 @@ def article(article_name, data=None):
# bound to a browser. This forces re-play and prevents sharing the article
# by just sharing the URL.
session_id = flask.session.get("session_id")
- order_id = flask.request.args.get("order_id")
+ order_id = flask.session.args.get("order_id")
if not session_id:
session_id = flask.session["session_id"] = str(uuid.uuid4())
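Review bot: The added line `order_id = flask.session.args.get("order_id")` will raise `AttributeError` on every request, because `flask.session` is the dict-like session object and has no `args` attribute (`args` belongs to `flask.request`). The lookup should read the session directly: `order_id = flask.session.get("order_id")`. As written, `article()` fails before any of the payment logic runs, so the session-based flow this commit introduces is never exercised. The body of `article()` starts and continues outside this hunk.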
@@ -235,9 +235,7 @@ def article(article_name, data=None):
)
order_resp = backend_post(BACKEND_URL, "private/orders", dict(order=order))
order_id = order_resp["order_id"]
- return flask.redirect(
- flask.url_for("article", article_name=article_name, order_id=order_id)
- )
+ flask.session["order_id"] = order_id
# Prepare data for the upcoming payment check.
pay_status = backend_get(
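Review bot: The value stored by `flask.session["order_id"] = order_id` is not scoped to `article_name`, so an order created for one article is read back on the next request for any other article in the same session. The payment check lies outside this hunk, so this is inferred: if it does not confirm that the order belongs to the requested article, one paid order could satisfy the check for every article. Consider keying the entry per article, for example `flask.session["order_id:" + article_name] = order_id` with the matching `flask.session.get("order_id:" + article_name)` at the top of `article()`. Alternatively, verify the order against `article_name` before rendering. A short comment on the new line stating which article the stored order is bound to would also help.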
@@ -264,15 +262,6 @@ def article(article_name, data=None):
# Finally return the article.
return render_article(article_name, data, order_id)
- if pay_status.get("already_paid_order_id") is not None:
- return flask.redirect(
- flask.url_for(
- "article",
- article_name=article_name,
- order_id=pay_status.get("already_paid_order_id"),
- )
- )
-
##
# Redirect the browser to a page where the wallet can
# run the payment protocol.