Reloading "Review order" moves you back to "Enter billing info"
bjaspan - May 6, 2008 - 18:35
| Project: | Ubercart |
| Version: | 5.x-1.0-rc5 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | postponed |
Jump to:
Description
If a user is on the Review order page and reloads the page with their browser instead of pressing Back or Submit order, they get redirected to the "Enter your billing info" page (and the billing info is not even pre-filled). This seems like poor UX design.
With the attached patch, reloading the Review order page leaves you on the Review order page.
| Attachment | Size |
|---|---|
| review-order-reload.diff | 1.33 KB |
#1
Thanks for digging in, Barry. It can be a little embarrassing having my older code worked through, but it's certainly necessary! Regarding this patch, I tested it and it works fine, but the idea was originally implemented to try and answer a security question... namely, if someone doesn't complete checkout, what is preventing someone else from coming behind them and accessing the review page directly.
So, before, if I shut the browser from the review page, it would make my information inaccessible to anyone else. However, with your patch, someone else could open the browser later and go directly to the review page to grab my info or even submit the order without me knowing it. I'm not sure what the best solution here is, though I'd give security weight over user interface if I had to choose.
Definitely moving the drupal_get_form() regardless.
#2
Just realized in testing why the drupal_get_form() was above the if statement... I needed the form to be built first so it could handle the submission of the review form prior to any redirect... otherwise submitting the form always sent you back to /cart.
#3
@#1: Your security concern is legitimate. Two responses:
1. The confirmation form should contain a reduced version of the payment information (e.g. last-4 of cc number). You should never display the full CC number in plaintext, even over SSL, because the page may be cached by the browser, etc.
2. If a user is involved in a transaction and walks away from the computer without logging out, they are susceptible to someone else coming up and hitting "submit." Some people around here said they like they can leave an Amazon order page open for 24 hours and only later hit "submit" and it will work. OTOH, it would not be unreasonable to impose a timeout on provided payment information. Perhaps after 30 minutes the payment info (only) needs to be re-entered.
However, disallowing the user from reloading the page seems like a mistake.
#4
Just to update this issue against the RC5, there is now an issue with reloading the review page in that CC data is getting stored in the form but is built from data in the session that gets wiped as soon as the form field is created. This means refreshing causes that form to be rebuilt and the CC data to get lost.
I can resolve this one of two ways...
1) Keep that session variable around a little longer, but this whole work around was developed to address other CC security issues.
2) Detect a CC payment method w/ no data in the session and send the user back to the checkout form to re-enter their information.
I'm leaning more toward #2.
#5
fyi, I've taken care of a redirect back to the checkout form when a customer paying by CC refreshes on the review order page. For the other more general issue, we'll have to wait for a future release to address this, as we need a more comprehensive way to track which checkout pages a user has visited and if he's visited any pages in between.