[Flask] Flask Digest, Vol 3, Issue 22

Kyle Lawlor klawlor419 at gmail.com
Tue Sep 22 05:04:36 CEST 2015


@Federico and @Jeff, I should add that as far as I know the Stripe API is
just for the credit card info and the purchase validation. Does it also
have a tool set to help build the shopping cart (a list of items the
customer wants to purchase)? I plan to have a redirect button on the
shopping cart to move on to checkout; on this checkout page I will
implement the Stripe Checkout. For now I am stuck because I cannot generate
a list storing the items.

@Federico, Does storing sensitive information on the server side count as
keeping that information inside your view functions file? I think the most
sensitive information I will be storing is the purchase token from the
Stripe API.

Cheers, Kyle.

P.S. Apologies if this message is a duplicate for anyone.

On Mon, Sep 21, 2015 at 9:29 PM, Kyle Lawlor <klawlor419 at gmail.com> wrote:

> Hi, all.
>
> Thank you very much for the responses.
>
> @Jeff, I am actually planning on making use of the Stripe API and service.
> Currently I am just trying to build the shopping cart on the client side. I
> am taking it one step at a time.
>
> @Jonathan, Could you take a look at my code to see if I am using the
> session object correctly? I am puzzled with the current behaviour I am
> seeing. I made changes to my code, I am now attempting to store the items
> requested and compute the total price via the *session* object. Here is a
> link to the code:
> https://github.com/callmeskywalker/casa-sabor/blob/master/app/main/views.py#L40
>
> The behaviour I am seeing is the same as before. The variables are *not*
> remembered from the previous request. I am sure there is a trivial mistake
> in my code somewhere.
>
> Another recent change I made was adding this line (Which is just a secret
> key config.):
>
> https://github.com/callmeskywalker/casa-sabor/blob/master/app/__init__.py#L21
> I thought perhaps the session object will only work if there is a secret
> key defined, but this did not seem to change the behaviour.
>
> Hoping to hear more soon, Kyle.
>
> On Mon, Sep 21, 2015 at 4:48 PM, <flask-request at python.org> wrote:
>
>>
>> Today's Topics:
>>
>>    1. Re: Usage of session and g variables (Jonathan Chen)
>>    2. Re: Usage of session and g variables (Jeff Widman)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Mon, 21 Sep 2015 10:44:20 -0700
>> From: Jonathan Chen <tamasiaina at gmail.com>
>> Cc: flask at python.org
>> Subject: Re: [Flask] Usage of session and g variables
>> Message-ID:
>>         <CACT24RD5W3GOpafpu65wsdJOC=
>> cJLUL26ss5r-NVg_SYCASuJg at mail.gmail.com>
>> Content-Type: text/plain; charset="utf-8"
>>
>> Sessions will persist through secured cookies while the g variable only
>> persists with each request. So for a shopping cart a session object would
>> be better to use.
>>
>> If you wanted to temporarily store information, like for instance a credit
>> card or something similar, you can put it in the g variable to process
>> the credit card information later.
>>
>>
>> ~Jonathan C.
>>
>> On Mon, Sep 21, 2015 at 10:11 AM, Corey Boyle <coreybrett at gmail.com>
>> wrote:
>>
>> > I can't answer your question directly, but maybe you could get some
>> > inspiration from this.
>> > http://satchless.com/
>> >
>> > On Mon, Sep 21, 2015 at 12:39 PM, Kyle Lawlor <klawlor419 at gmail.com>
>> > wrote:
>> > > Hi, all.
>> > >
>> > > I am currently in the process of designing a website for a friend's
>> > > restaurant. I am planning to deploy the website through Heroku. I am
>> > > just hoping to keep the costs down for my friend and learn a few things.
>> > >
>> > > I want to create a portion of the website that can be used for online
>> > > checkout. I am aiming for something similar to any ordering application,
>> > > i.e. grubhub. I have some of the website together, I will post a link to
>> > > its git repository below.
>> > >
>> > > One thing I have been struggling to understand with Flask is the use of
>> > > session variables and global (g) variables. My purpose is to create a
>> > > shopping cart, where I can store what a user wants to order.
>> > >
>> > > So far I have tried creating a standard python array and a variable
>> > > within the view function for the orders page. This is in principle to
>> > > store which items the user selects and to store the total price. The
>> > > items selected and the total price are then rendered appropriately. The
>> > > obvious problem with this method is that the objects are cleared after
>> > > each request. So the item selected and the total price only reflect the
>> > > previous request.
>> > >
>> > > One way to get around this is to create a global variable outside of the
>> > > route for a given view function. I believe this is incorrect because it
>> > > stores the data even after I go elsewhere on the site.
>> > >
>> > > Creating session variables or global variables for that matter and then
>> > > updating them as selections are made seems to have the same issue as
>> > > using python storage variables within the view function. Please see
>> > > these links for the view function I am talking about.
>> > >
>> > > Declaration of variables (using the g object in this case):
>> > > https://github.com/callmeskywalker/casa-sabor/blob/master/app/main/views.py#L40
>> > >
>> > > Here is where I look for the user to add an item, and attempt to store
>> > > the data:
>> > > https://github.com/callmeskywalker/casa-sabor/blob/master/app/main/views.py#L97
>> > >
>> > > I am at a point now where I am not sure that the usage of session and g
>> > > variables are what I am trying to use them for. I wonder if this is now
>> > > a case where using a database is the technically correct/better thing to
>> > > do.
>> > >
>> > > My questions are:
>> > > Is my use of global variables problematic?
>> > > Is there a way to use session and/or g for this purpose?
>> > > Am I better off using a database for storing this data?
>> > >
>> > > Please keep in mind I am brand new to using flask and web development in
>> > > general. I look forward to hearing back to any responses. Feel free to
>> > > cover basics of web development, because I am sure that I am missing
>> > > some.
>> > >
>> > > If anyone is interested or wants to see the website in action, here is
>> > > the entire git repository:
>> > > https://github.com/callmeskywalker/casa-sabor
>> > >
>> > >
>> > > Thanks, Kyle
>> > >
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Mon, 21 Sep 2015 13:48:02 -0700
>> From: Jeff Widman <jeff at jeffwidman.com>
>> To: flask at python.org
>> Subject: Re: [Flask] Usage of session and g variables
>> Message-ID:
>>         <CABPX=-6owSazmeyX7PdBw=
>> PncJgLaAn2XrBmEy+ryX0OOTqGmg at mail.gmail.com>
>> Content-Type: text/plain; charset="utf-8"
>>
>> If at all possible, avoid credit card data ever directly touching your
>> server.
>>
>> It's a huge security risk that's really, really hard to get right, plus
>> there's a bunch of hoops related to PCI compliance.
>>
>> Instead, if you're rolling your own shopping cart, just use something like
>> Stripe's JavaScript for the actual payment processing so that the credit
>> card data goes straight from the client to Stripe's servers, and then you
>> only need to store the callback from Stripe that the customer's payment
>> 'succeeded', without actually storing the underlying data.
>>
>> --
>>
>> *Jeff Widman*
>> jeffwidman.com <http://www.jeffwidman.com/> | 740-WIDMAN-J (943-6265)
>> <><
>
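
An added example, not code from this thread or from the casa-sabor repository, of the session-versus-g behaviour discussed above: the cart lives in Flask's signed `session` cookie and survives across requests, `g` is empty again on the next request, and the total is computed from a server-side price list. The `MENU` table, the route names and the secret key are hypothetical values constructed for the demo.

```python
from flask import Flask, g, jsonify, session

app = Flask(__name__)
# Constructed demo value; a real deployment loads a random key from config.
# Without a secret key Flask cannot sign the session cookie at all.
app.secret_key = "constructed-demo-key-not-for-production"

# Hypothetical server-side price list in cents. Prices are looked up here and
# never accepted from the browser, because the client controls what it sends.
MENU = {"taco": 350, "burrito": 800, "horchata": 250}


@app.route("/cart/add/<item_id>", methods=["POST"])
def add_to_cart(item_id):
    if item_id not in MENU:
        return jsonify(error="unknown item"), 400
    # The default session cookie is signed, not encrypted: the visitor can
    # read it, so keep item ids and quantities here, never secrets.
    cart = session.get("cart", {})
    cart[item_id] = cart.get(item_id, 0) + 1
    session["cart"] = cart    # reassign so Flask notices the change
    session.modified = True   # in-place edits of a nested dict are not detected
    g.last_added = item_id    # request-scoped: discarded after this response
    return jsonify(cart=cart)


@app.route("/cart")
def view_cart():
    cart = session.get("cart", {})
    total = sum(MENU[i] * qty for i, qty in cart.items() if i in MENU)
    return jsonify(cart=cart, total_cents=total,
                   g_has_last_added="last_added" in g)


def demo():
    """Drive the routes with Flask's test client, which keeps cookies like a browser."""
    client = app.test_client()
    client.post("/cart/add/taco")
    client.post("/cart/add/taco")
    client.post("/cart/add/horchata")
    rejected = client.post("/cart/add/lobster").status_code
    summary = client.get("/cart").get_json()
    empty = app.test_client().get("/cart").get_json()  # second visitor, no cookie
    return summary, rejected, empty


if __name__ == "__main__":
    print(demo())
```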