
Unique token to prevent multiple orders and unwanted quote validation

Dear Spryker Community,
I hope this message finds you well!
We’re currently working on a Spryker-based shop that utilizes a PWA for both mobile and desktop users. Recently, we’ve encountered two main challenges:
- Long quote validation times
- The risk of a cart being ordered multiple times
To address the duplicate order issue, we’ve implemented a database solution: we use the UUID generated by the Glue API and store it in the spy_sales_order table, ensuring that no cart can be ordered twice.
Now, we’re focusing on making a specific set of items within a cart unique and optimizing the quote validation process. Here’s our current approach:
- Unique Cart Identification: We generate a hash from the quote_data value, which serves as a unique key representing the products in the cart.
- Locking Mechanism: When the hash is created, we send it—along with a timestamp and the quote UUID—to the frontend. We then use Symfony’s Lock component to lock this combination for 5 minutes, or until the quote_data changes.
- Efficient Storage: The hash is stored in Redis for fast and reliable retrieval.
- Optimized Validation: We perform quote validation during hash creation, so we don’t need to repeat this step, saving valuable processing time.
- Error Handling: If validation fails, we promptly return error messages to the frontend.
- Order Authorization: The PWA can only proceed with an order if it provides a token that we can validate against the current quote_data.
We’re interested in your feedback on this approach:
- Are there potential pitfalls or improvements you’d suggest?
- Has anyone implemented a similar mechanism, and if so, what were your experiences?
- Do you see any risks regarding hash collisions or lock management that we should be aware of?
We’re also considering using a stronger hash function (like SHA-256) and expanding the hash input to include additional factors such as stock levels and price changes, to further enhance reliability.
Thank you in advance for your insights and suggestions!
Best regards,
Karsten
Answers
I finally figured that I understood JWT wrong and we don't need a lock as we can just trust the signed token.
But still, in any case, how do you guys handle the problem that you could order the same quote multiple times or get timeouts during the order and the customer clicks on buy again? Or multiple browser windows / tabs / connections from a PWA? This is, as far as I know, nothing Spryker core resolves, as Yves does everything synchronously and that leads to all those problems.
Happy Easter weekend to you all!
Karsten
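The two ideas in this thread, a checkout token bound to a hash of the quote_data and an idempotent order record keyed by the quote UUID, combined in one runnable sketch. This is an added example, not code from the post or from Spryker; the HMAC secret, the 5-minute TTL, the in-memory order store and the sample quote are assumptions, and the signed token stands in for the JWT mentioned in the answer.

```python
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # assumption: server-side key, never sent to the PWA
TOKEN_TTL = 300                       # 5 minutes, matching the lock window in the post

def quote_hash(quote_data: dict) -> str:
    """SHA-256 over a canonical JSON encoding so key order cannot change the hash."""
    canonical = json.dumps(quote_data, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def issue_token(quote_uuid: str, quote_data: dict, now: int) -> str:
    """Token handed to the frontend: uuid.hash.timestamp.signature (signed, so no lock needed)."""
    payload = f"{quote_uuid}.{quote_hash(quote_data)}.{now}"
    sig = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"

def verify_token(token: str, quote_uuid: str, quote_data: dict, now: int) -> bool:
    """Reject forged, expired, foreign or stale tokens (quote_data changed since issue)."""
    try:
        uuid, digest, ts, sig = token.split(".")
        issued_at = int(ts)
    except ValueError:
        return False
    expected = hmac.new(SECRET, f"{uuid}.{digest}.{ts}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return False
    if uuid != quote_uuid or now - issued_at > TOKEN_TTL:
        return False
    return digest == quote_hash(quote_data)

class OrderStore:
    """Stand-in for spy_sales_order with the quote UUID as a unique key."""
    def __init__(self):
        self.orders: dict[str, str] = {}

    def place_order(self, token: str, quote_uuid: str, quote_data: dict, now: int):
        if not verify_token(token, quote_uuid, quote_data, now):
            return ("rejected", None)
        # A second click, tab or retried request with the same quote UUID returns the
        # existing order instead of creating a new one. In a real DB this check must be a
        # unique constraint so that concurrent requests cannot both pass it.
        if quote_uuid in self.orders:
            return ("duplicate", self.orders[quote_uuid])
        order_id = f"order-{len(self.orders) + 1}"
        self.orders[quote_uuid] = order_id
        return ("created", order_id)
```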