Pbreit I do not think that fake logging in with others email is a risk as all they will see is the cart that has not been checked out.
Anthony and villas, thanks for your feedback. Maybe you are right that email in session is good enough. I will have to index all orders on index instead of auth.user.id. Peter On Aug 24, 3:10 pm, villas <[email protected]> wrote: > Just set a cookie for the email address until you can trust it?
