Hi, I always appreciate your work. But now I have a doubt about the new implementation of Cart in the latest version of your book. With an incremental integer maintained in the session, is it easy to modify the cart of another user during his purchase? Changing a cart_id in the session is simple. A very simple solution could be to use a random non-integer value rather than an incremental id?
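
    def current_cart
      # Look the cart up by both the random token and the numeric id
      Cart.find_by_idr_and_id!(session[:cart_idr], session[:cart_id])
    rescue ActiveRecord::RecordNotFound
      # No matching cart: create one with a random 32-hex-character token
      cart = Cart.create(:idr => ActiveSupport::SecureRandom.hex(16))
      session[:cart_id] = cart.id   # same key the lookup above reads
      session[:cart_idr] = cart.idr
      cart
    end
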
Probably it is not the best solution, but it is more difficult to crack a random charset than an incremental id.

Best regards
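
The lookup proposed in the post above, as an added example in plain Ruby (not part of the original post and not the book's code): a cart is returned only when the sequential id and the random token both match, and the token is compared in constant time. `CartStore` and `secure_equal?` are hypothetical names standing in for the `carts` table and a framework helper.

```ruby
require 'securerandom'

# Constant-time string comparison, so response timing does not leak
# how many leading characters of a guessed token were correct.
def secure_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical in-memory stand-in for the carts table (id + idr columns).
class CartStore
  Cart = Struct.new(:id, :idr)

  def initialize
    @carts = {}
    @next_id = 0
  end

  # New cart: sequential id plus a 128-bit random token, as in the post.
  def create
    cart = Cart.new(@next_id += 1, SecureRandom.hex(16))
    @carts[cart.id] = cart
    cart
  end

  # Return the cart only when the id exists AND the token matches.
  def find(id, idr)
    cart = @carts[id]
    cart && secure_equal?(idr, cart.idr) ? cart : nil
  end
end

# Mirrors current_cart: reuse the session's cart or create a fresh one.
# A session holding a guessed id without the matching token never
# receives the other user's cart; it is given a new, empty one.
def current_cart(store, session)
  cart = store.find(session[:cart_id], session[:cart_idr])
  return cart if cart
  cart = store.create
  session[:cart_id] = cart.id
  session[:cart_idr] = cart.idr
  cart
end
```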