
10 Jun 2011, 06:30
angelo capilleri (1 post)

Hi, I always appreciate your work. But now I have a doubt about the new implementation of Cart in the latest version of your book. With an incremental integer maintained in the session, is it easy to modify the cart of another user during his purchase? Changing a cart_id in the session is simple. Could a very simple solution be to use a random non-integer value rather than an incremental id?

def current_cart

rescue ActiveRecord::RecordNotFound
  cart = Cart.create( :idr => ActiveSupport::SecureRandom.hex(16))
  session[:id] =
  session[:cart_idr] = cart.idr


Probably it is not the best solution, but it is more difficult to crack a random charset than an incremental id. Best regards
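The lookup-by-random-token idea from the post, as a runnable example added here (it is not the poster's or the book's code). `CartStore` and `find_by_idr!` are hypothetical in-memory stand-ins for the ActiveRecord model, the session is a plain Hash, and Ruby's standard-library `SecureRandom` supplies the token.

```ruby
require 'securerandom'

# Constructed stand-in for the Cart model: an in-memory store, no database.
class CartStore
  NotFound = Class.new(StandardError)
  Cart = Struct.new(:id, :idr, :items)

  def initialize
    @by_idr = {}
    @next_id = 0
  end

  # The incremental id stays internal; only the random idr is handed out.
  def create
    @next_id += 1
    cart = Cart.new(@next_id, SecureRandom.hex(16), [])
    @by_idr[cart.idr] = cart
  end

  # Accept only a well-formed 32-hex-character token, then look it up.
  def find_by_idr!(idr)
    raise NotFound unless idr.is_a?(String) && idr.match?(/\A\h{32}\z/)
    @by_idr.fetch(idr) { raise NotFound }
  end
end

# session is any Hash-like object; :cart_idr is the key used in the post.
def current_cart(store, session)
  store.find_by_idr!(session[:cart_idr])
rescue CartStore::NotFound
  # Unknown, malformed or missing token: start a fresh cart instead of
  # resolving to anyone's existing one.
  cart = store.create
  session[:cart_idr] = cart.idr
  cart
end
```

A session value that is a small integer or a short string never resolves to an existing cart, because the only accepted key is the 128-bit token issued by `create`.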
