Session stores old order id even if order was deleted, causing error on next checkout.

[ndeet]

OpenCart 4.0.2.3

Describe the bug
Under certain rare circumstances the session stores an non-existing order id. If a user abandons checkout and an admin deletes that pending order in the meantime. If the user returns before their session expired the session will still pass that old (non existing) order id causing an error on checkout if the payment module relies on it.

To Reproduce
Steps to reproduce the behavior:

1. Customer: Go through checkout but abort the order at the payment provider
2. Customer: deletes his cart (likely not needed for this error to show but not tested)
3. Admin: deletes the abandoned order
4. Customer: returns with old session not timed out and tries to checkout again
5. $this->session->data['order_id'] still contains the old order id and checkout fails if there is anything relying on that order id.

Expected behavior
The cart should imo check if the order id still exists in the system at some point before processing the payment to make sure it does not error.

Server / Test environment (please complete the following information):

• DDEV (docker setup)
• Linux Ubuntu 22.04 LTS
• PHP 8.1.23
• Nginx
• Browser(s) tested with Chrome 118

[chongshengdz]

did you clear all your cache?

[danielkerr]

dont delete orders that have not been completed

[ndeet]

dont delete orders that have not been completed

Maybe then they should not be deletable or only after some grace period?

As said this rarely happens and likely is due to testing but still very hard to debug and not a nice UX for customers if they run into it.

[hayden-t]

generally incomplete orders dont show in the admin ?