Cart Lockout

During the Broadleaf checkout process, it would be dangerous if the user were still able to make changes to their cart. They might be able to change pricing or other critical information that would allow them to complete checkout in a way that shouldn’t have been possible (e.g. overpaying or underpaying, skipping validation, etc). In addition, multiple checkout processes could be started for a single cart at the same time which would trigger a failure as they both compete for the same resources, or potentially even charge the user multiple times.

In order to prevent this, Broadleaf uses an implicit lockout mechanism in which users lose control of their cart while the checkout process is going on. This happens using a combination of optimistic locking (see Cart Versioning) and a cart status change (see Cart Statuses).

With optimistic locking, we know that the state of the cart in the database will never be overwritten with a stale version. This helps guarantee that if multiple or duplicate requests come in that modify the cart, only one will succeed and the state of the cart will still be valid. The SUBMISSION_IN_PROGRESS status change that happens as the first step of the checkout process effectively takes away control of the cart from the user, and only the currently-running checkout process should be able to make changes to it. If multiple checkout processes were to run, only one of the writes (and checkout processes) would succeed due to optimistic locking. With the combination of optimistic locking and the ownership change, we guarantee that: