10 Jun 2011, 06:30
angelo capilleri (1 post)

Hi, I always appreciate your work. But now I have a doubt about the new implementation of Cart in the last version of your book. With an incremental integer kept in the session, is it easy to modify another user's cart while he is buying? Changing a cart_id in the session is simple. Could a very simple solution be to use a random non-integer value rather than an incremental id?

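def current_cart
  # Look the cart up by both the random token and the id stored in the session
  Cart.find_by_idr_and_id!(session[:cart_idr], session[:cart_id])
rescue ActiveRecord::RecordNotFound
  # No matching cart: create one with a random 128-bit token
  cart = Cart.create(:idr => ActiveSupport::SecureRandom.hex(16))
  session[:cart_id] = cart.id  # same key that the lookup above reads
  session[:cart_idr] = cart.idr
  cart
end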

It is probably not the best solution, but it is more difficult to crack a random charset than an incremental id. Best regards
