LG-14127 Stop deleting TMx session ID when undoing SSN step#11091
Merged
LG-14127 Stop deleting TMx session ID when undoing SSN step#11091
Conversation
The SSN show page includes Javascript for device profiling. To identify a device profiling transaction we set `threatmetrix_session_id` and render that alongside the Javascript that performs the device profiling. This UUID is used downstream to fetch device profiling results. We observed that some users did not have a `threatmetrix_session_id` value in downstream steps. This appears to be because they submitted the "link sent" step which calls `undo_step` on the SSN step. Then, either due to network issues or an unusual path through the process they were able to submit the SSN form without re-rendering the SSN show page. Investigating this we questioned why the `threatmetrix_session_id` needs to be deleted when the user submits earlier steps. It appears it was added in #9589 which configured the back button functionality from the SSN step back to other steps. It appears that the `threatmetrix_session_id` was set to `nil` there in order to return to the state that existed before the step was submitted and not because of a specific concern about stale IDs or anything like that. In order to prevent the issue where users have a nil ID after viewing the SSN step but submitting later steps and proceeding without re-viewing the SSN step, this commit removes the code to reset the threatmetrix session ID. This should be fine since the old ID will represent a device profiling transaction for the current session which is ultimately the goal. [skip changelog]
matthinz
approved these changes
Aug 15, 2024
| expect(idv_session.had_barcode_attention_error).to be_nil | ||
|
|
||
| expect(idv_session.ssn).to be_nil | ||
| expect(idv_session.threatmetrix_session_id).to be_nil |
Contributor
There was a problem hiding this comment.
should we assert that it is not nil?
Contributor
Author
There was a problem hiding this comment.
We can, though with this change the threatmetrix_sesison_id is no longer something the FlowPolicy cares about. Setting it and adding an assertion that it is not nil may be confusing with the context of this change.
Contributor
There was a problem hiding this comment.
ok would it make sense in the context of preserving the value to add a spec elsewhere in the PR?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The SSN show page includes Javascript for device profiling. To identify a device profiling transaction we set
threatmetrix_session_idand render that alongside the Javascript that performs the device profiling. This UUID is used downstream to fetch device profiling results.We observed that some users did not have a
threatmetrix_session_idvalue in downstream steps. In many cases this appears to be because they submitted the "link sent" step which callsundo_stepon the SSN step. Then, either due to network issues or an unusual path through the process they were able to submit the SSN form without re-rendering the SSN show page and regenerating a threatmetrix session ID.Investigating this we questioned why the threatmetrix session id needs to be deleted when the user submits earlier steps. It appears it was added in #9589 which configured the back button functionality from the SSN step back to other steps. It appears that the threatmetrix session id was set to
nilthere in order to return to the state that existed before the step was submitted and not because of a specific concern about stale IDs or anything like that.In order to prevent the issue where users have a nil ID after viewing the SSN step and submitting ealier steps and proceeding without re-viewing the SSN step, this commit removes the code to reset the threatmetrix session ID. This should be fine since the old ID will represent a device profiling transaction for the current session which is ultimately the goal.