Hi,
We’ve just gone live with our Magento2 installation that uses your Stripe extension. And out of the 60 first orders we’ve had four cases where a customer has managed to get two orders and two transactions through Stripe for one quote.
Looking at apache logs I can see the following as a pattern with all of them, I’ve removed sensitive information like IPs and key’s used in the URL. But I can assure you that they are identical.
{Customer_ip} - - [25/Jul/2017:14:11:45 +0200] "POST /rest/default/V1/df-payment/{Identical_Key}/place-order HTTP/1.1" 200 314 "https://example.com/checkout/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) ..."
{Customer_ip} - - [25/Jul/2017:14:11:45 +0200] "POST /rest/default/V1/df-payment/{Identical_key}/place-order HTTP/1.1" 200 314 "https://example.com/checkout/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) ..."
The two transactions related to the orders has unique order id’s at this point, but everything else is identical. Where the first is XXXX35 and the second is XXXX36. Incremented by 1. In the responses from Stripe there’s unique “id”'s.
Looking at the “quote” database table, the “reserved_order_id” column has been set to the id of the second order (XXXX46) with no traces of the first (XXXX35)
This is a probably a problem that the customer is causing by clicking “Place order” multiple times, but one would kind of think that some validation was being done serverside to prevent something like this, especially if it has already happened in 4/60 checkouts.
Hope you might know of a solution to this.