How do I get to the "shop/confirm/<Service>" page after the session has been lost?
Forum rules
Always add your Laravel, Aimeos and PHP version as well as your environment (Linux/Mac/Win)
Spam and unrelated posts will be removed immediately!
Always add your Laravel, Aimeos and PHP version as well as your environment (Linux/Mac/Win)
Spam and unrelated posts will be removed immediately!
How do I get to the "shop/confirm/<Service>" page after the session has been lost?
Laravel framework version: 9.52.4
Aimeos Laravel version: ~2022.10
PHP Version: 8.2.3
Environment: Linux
Hello,
I want to be able to get to a specific order confirmation page at any time.
For example, getting to https://<domain>/shop/confirm/demo-cashondelivery?id=<orderid>.
I am looking at this class: Aimeos\Client\Html\Checkout\Confirm\Standard.
I attempted to hardcode an order ID I know exists inside the data() method.
I get the error: "Item with ID "4" in "order.id" not found", but I know that the order exists.
I want to be able to use the same page for when the user checks out and when he wants to re-visit this order from his profile.
Is it the right approach to modify Aimeos\Client\Html\Checkout\Confirm\Standard or is there a better way to achieve this ?
Aimeos Laravel version: ~2022.10
PHP Version: 8.2.3
Environment: Linux
Hello,
I want to be able to get to a specific order confirmation page at any time.
For example, getting to https://<domain>/shop/confirm/demo-cashondelivery?id=<orderid>.
I am looking at this class: Aimeos\Client\Html\Checkout\Confirm\Standard.
I attempted to hardcode an order ID I know exists inside the data() method.
I get the error: "Item with ID "4" in "order.id" not found", but I know that the order exists.
I want to be able to use the same page for when the user checks out and when he wants to re-visit this order from his profile.
Is it the right approach to modify Aimeos\Client\Html\Checkout\Confirm\Standard or is there a better way to achieve this ?
Re: How do I get to the "shop/confirm/<Service>" page after the session has been lost?
I found what I did wrong, I got confused and used the base order id instead of the normal order id.
I think that all that remains is to add a filter for the user ID, so that the user can't access orders of other users.
Please correct me if this is not the right approach, thank you.
I think that all that remains is to add a filter for the user ID, so that the user can't access orders of other users.
Please correct me if this is not the right approach, thank you.
Re: How do I get to the "shop/confirm/<Service>" page after the session has been lost?
If you have access to the authenticated user, the session isn't lost because it's required for that.
When you simply add the user ID as GET parameter, there will be one very important security risk:
Attackers can try any combination of user ID and order ID (both are sequential) to find out all orders from all users.
When you simply add the user ID as GET parameter, there will be one very important security risk:
Attackers can try any combination of user ID and order ID (both are sequential) to find out all orders from all users.
Professional support and custom implementation are available at Aimeos.com
If you like Aimeos, give us a star
If you like Aimeos, give us a star