Skip to content

fix(orders): price seal TTL too tight (60s) with IP binding blocks mobile users #126

Open
Open
fix(orders): price seal TTL too tight (60s) with IP binding blocks mobile users#126
Labels
bugSomething isn't workingpriority: highFix in next release
@mostlyvirtual

Description

@mostlyvirtual
mostlyvirtual
opened on Mar 20, 2026

Problem

price_sealing.py:38,166: PRICE_SEAL_TTL_SECONDS = 60 with IP binding.

  • 60 seconds is too tight for browse → cart → checkout flow
  • Mobile users behind rotating IPs get permanent "IP address mismatch" errors
  • Corporate proxies that rotate IPs between page loads block checkout

Fix

  1. Increase TTL to 15-30 minutes
  2. Consider removing IP binding since HMAC signature already prevents tampering
  3. Add seal refresh endpoint

Files

  • services/platform/apps/orders/price_sealing.py (lines 38, 166)

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingpriority: highFix in next release

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions