21

Here I am trying to get some tickets for a theater, and I noticed an interesting thing. It seems that the website holds no session persistence. In other words it doesn't check to see if the user has stopped trying to order tickets, instead it holds the seats for about 30 minutes. This is kind of stupid because when you back out, your treated as a completely new session, you have no way of trying to get back the seats you had chosen.

Sooo, what does this mean? It means that I can start selecting a bunch of seats and continue selecting a bunch of seats. There appears to be no server-side checks to prevent someone from just booking the entire theater.

Soooooo, what does this mean? I could potentially spam the entire country's theaters (any that use this website as a booking system) and make it impossible for people to book seats through this website.

What do you guys think? Is this a bug or feature?

Comments
Add Comment