[ic] Back Button Interaction with IC

Ed LaFrance interchange-users@interchange.redhat.com
Tue Apr 16 10:49:01 2002


At 02:28 PM 4/15/2002 -0700, you wrote:
>Hello,
>
>We are using the [button] tags to generate the checkout, recalculate,
>clear basket, continue shopping, etc. buttons like in the foundation demo.
>We've found that users have been able to checkout without actually
>pushing the checkout button on the checkout.html page.  How they are
>doing this is they place an item in their cart, which then forwards them
>to the basket page.  They then click on the go to checkout button which
>forwards them to the checkout page.  They are then able to push the back
>button on their browser (which puts them back on the basket page) and
>push the recalculate, clear basket, or go to checkout button and their
>order is placed without going through the normal checkout_profile
>routines for validation.  This also allows them to checkout without
>selecting a payment method or valid shipping since they never make it to
>checkout_profile.  If the user then clicks the back button again,
>they are returned to the basket page and can again push recalculate,
>clear basket or go to checkout and the order will be placed with no
>items in the cart and no validation once again.
>
>Has anyone else experienced this?  And if so what did you do to fix the
>problem?  Our client is seeing this in about 1/3 of the orders so it
>looks like the practice is not abnormal to use the back buttons for
>navigation.  I'll be looking into fixes this afternoon and will pass
>along what I find.  I'll also be trying this out on the demo site to see
>if the same thing happens.  Thanks!
>
>-Ron

You must have customized the foundation catalog, because this didn't happen 
to me on the unmodified demo. The only time I had a similar problem was 
with a customized catalog in which I had created two order profiles with 
the same name but different contents. I don't remember the exact circumstances, 
but through a particular sequence of events which incorporated the use of 
the browser 'Back' button, the customer was able to load one of the 
profiles into the session, and then inevitably use it in place of the other 
one; the net result was that the order checks were bypassed.  Since then I 
have always been careful to ensure that every profile have a unique name!

- Ed L.


===============================================================
New Media E.M.S.               Software Solutions for Business
463 Main St., Suite D          eCommerce | Consulting | Hosting
Placerville, CA  95667         edl@newmediaems.com
(530) 622-9421                 http://www.newmediaems.com
(866) 519-4680 Toll-Free       (530) 622-9426 Fax
===============================================================
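
A check for the duplicate profile names described in the reply above, as an added example that is not part of the original messages or of Interchange itself. It assumes profiles are stored as __NAME__ ... __END__ blocks; the sample file, the account_change profile and the field names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed __NAME__ ... __END__ layout;
# not taken from the thread or from any real catalog.
SAMPLE = """\
__NAME__ checkout_profile
fname=required
lname=required
mv_shipmode=required
&fatal=yes
__END__

__NAME__ account_change
email=required
__END__

__NAME__ checkout_profile
email=required
__END__
"""

NAME_RE = re.compile(r"^__NAME__\s+(\S+)\s*$")

def parse_profiles(text):
    """Return [(name, start_line, [check lines])] for each profile block."""
    profiles, current = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = NAME_RE.match(line)
        if m:
            current = (m.group(1), lineno, [])
            profiles.append(current)
        elif line == "__END__":
            current = None
        elif current is not None and line:
            current[2].append(line)
    return profiles

def find_duplicate_names(text):
    """Map each reused profile name to its start lines and whether bodies differ."""
    by_name = defaultdict(list)
    for name, lineno, checks in parse_profiles(text):
        by_name[name].append((lineno, tuple(checks)))
    report = {}
    for name, entries in by_name.items():
        if len(entries) > 1:
            bodies = {body for _, body in entries}
            report[name] = {"lines": [n for n, _ in entries],
                            "contents_differ": len(bodies) > 1}
    return report
```

A name reported with contents_differ set to True is the case from the reply: whichever definition ends up in the session decides which checks run.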