On cprince.devel.webdevel.redhat.com, I placed an order for 25 subscriptions (25 line items that is), then upon clicking to make it 26, got the following error: Sorry, there was an error in processing this form action. Please report the error or try again later. (Undefined subroutine &Vend::Order::do_lockout called at /home/reston/cprince/interchange/lib/Vend/Order.pm line 2086. ) Should probably be a little more descriptive about what the problem is and how the user can fix it. The really bad side-effect is that after getting this error, the cart is cleared out, so the user looses anything that they have entered to that point.
When this happens, it also dumps the cart that was there. In other words, if you press back on your browser, and add another item, you will be taken to your basket, and there is only that one item in it.
This is still happening as of 4/19/01.
I fixed the undefined subroutine problem, but the rest of this is a design feature intended to keep rogue robots from bringing the site down by following buy links and ordering millions of items. The only thing we can really do about it is increase the maximum number of line items that is allowed in the cart, 25 is probably too low.
OK, no longer get the error message, but the contents of my cart are indeed dumped out upon adding the 26th order detail line. I have no problems with having a limit, just need to make sure that it makes sense and that the user does not run into the limit, get the contents of their cart thrown out and never return to the site because they are pissed. Think that we should just display an error telling them that they have hit the limit and give them the opportunity to continue with the cart in its present state.
The problem is that if you keep the contents of the cart then bad robots will still fill up the disk, by creating thousands of sessions with 25 items in each one. The best solution would be to change the orderline limit to a number high enough that an actual ordering human would never hit it, the problem is to balance this against protecting the server from robots, a human would never hit a 10,000 line limit, but a robot could do a lot of damage hammering on the server for that long before it got locked out. In looking at the database there are less than 50 products being sold from the store front, setting the orderline limit to 100 would allow people to order every product twice and still not hit the limit, and would minimize the damage from rogue robots.
As long as a user, in the standard course of trying to place an order, does not hit the limit and dump the contents all over the place, I really don't care. a 100-line limit sounds good to me.
OK, orderline limit changed to 100
OK, that looks a little better. Closing out this bug.