On cprince.devel.webdevel.redhat.com, I placed an order for 25
subscriptions (25 line items that is), then upon clicking to make it 26,
got the following error:
Sorry, there was an error in processing this form action. Please report the
error or try again later. (Undefined subroutine &Vend::Order::do_lockout
called at /home/reston/cprince/interchange/lib/Vend/Order.pm line 2086. )
Should probably be a little more descriptive about what the problem is and
how the user can fix it. The really bad side-effect is that after getting
this error, the cart is cleared out, so the user looses anything that they
have entered to that point.
When this happens, it also dumps the cart that was there. In other words, if you
press back on your browser, and add another item, you will be taken to your
basket, and there is only that one item in it.
This is still happening as of 4/19/01.
I fixed the undefined subroutine problem, but the rest of this is a design
feature intended to keep rogue robots from bringing the site down by following
buy links and ordering millions of items. The only thing we can really do about
it is increase the maximum number of line items that is allowed in the cart, 25
is probably too low.
OK, no longer get the error message, but the contents of my cart are indeed
dumped out upon adding the 26th order detail line. I have no problems with
having a limit, just need to make sure that it makes sense and that the user
does not run into the limit, get the contents of their cart thrown out and never
return to the site because they are pissed. Think that we should just display
an error telling them that they have hit the limit and give them the opportunity
to continue with the cart in its present state.
The problem is that if you keep the contents of the cart then bad robots will
still fill up the disk, by creating thousands of sessions with 25 items in each
one. The best solution would be to change the orderline limit to a number high
enough that an actual ordering human would never hit it, the problem is to
balance this against protecting the server from robots, a human would never hit
a 10,000 line limit, but a robot could do a lot of damage hammering on the
server for that long before it got locked out. In looking at the database there
are less than 50 products being sold from the store front, setting the orderline
limit to 100 would allow people to order every product twice and still not hit
the limit, and would minimize the damage from rogue robots.
As long as a user, in the standard course of trying to place an order, does not
hit the limit and dump the contents all over the place, I really don't care. a
100-line limit sounds good to me.
OK, orderline limit changed to 100
OK, that looks a little better. Closing out this bug.