创建一个订购和结帐系统,防止在付款期间更换购物车 [英] Creating a ordering and checkout system, protecting against changing the cart during payment
问题描述
因此,我有一个多页结帐系统,该系统依赖于会话来存储购物车中的内容。我还使用第三方系统处理信用卡,该系统在其服务器上托管实际的付款页面。我只需要将页面的最终总数过帐到页面即可。
So I have a multi paged checkout system that relies on sessions to store the contents of the shopping cart. I'm also using a third party system to process credit cards, which hosts the actual payment page on their servers. I just have to POST to the page the final total.
我预见的问题是,如果有人单击进入托管的支付页面,然后输入合法或不合法的信息,该怎么办?恶意原因在另一个选项卡中更改了购物车内容。我最初计划,当托管的付款页面重定向回我的收据页面时,我将订单插入到数据库中。但是,如果此时更改了会话,则顺序将不同于所收取的总费用。
The problem I foresee is what if someone clicks to go to the hosted pay page, and then for some legitimate or nefarious reason changes the shopping cart contents in another tab. I had initially planned that when the hosted pay page redirects back to my receipt page I would then INSERT the order into my database. But, if the session is changed at that point, the order will be different from the total cost charged.
该问题的解决方案是什么。我可以看到这种情况对于所有购物车系统都是一个问题,所以我想知道它们是如何做到的。
What would be a solution to this problem. I can see this sort of thing being an issue for all cart systems, so I'm wondering how they do it.
也许当用户单击按钮转到托管的付款页面,我可以在数据库的temp_order表中进行临时订单输入,然后在付款完成后,可以将该临时记录转移到永久记录表中吗?这样,我就不会从已更改的会话信息中插入记录。但是,如果我必须过帐到托管的付款页面,那么在哪里可以将购物车保存到临时表中?
Maybe when the user clicks the button to go to the hosted paypage I can make a temporary order entry in a temp_order table in the database, and then when the payment goes through I can transfer that temp record into the permanent record table? That way I don't insert the record from the session information that has changed. But if I have to POST to the hosted pay page, where do I have the opportunity to save the shopping cart to the temp table?
此外,临时订单ID必须在临时表和永久表上都是唯一的,因为我不希望有任何重叠。
Also, the temp order id must be unique across both temp and permanent tables since I don't want any overlap.
最后,我应该经常清除临时订单表,因为它们只是临时记录。由于用户可以在托管的付款页面上改变主意,因此某些操作可能无法完成。
Lastly, I should want to clear the temp order table frequently as they are just temp records. Some might not go through as the user could change their mind on the hosted pay page.
我对应该怎么做感到非常困惑!
I'm really confused as to what I should do!
推荐答案
我认为不需要创建单独的表。只需在现有表中添加一列,例如 payment_in_progress ,然后在客户向购物车提交任何更改时对其进行分析。
I see no need to create a separate table. Just add one column into existing table, say, payment_in_progress and analyse it when client submits any changes to the cart.
清除未处理的过时订单的要求仍然存在
The requirement to clear out unprocessed outdated orders remains
这篇关于创建一个订购和结帐系统,防止在付款期间更换购物车的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
