Do not create useless cart session accessing invoice address

2026-03-30 18:57:45 +02:00
parent a2cef22ea8
commit 4d15731528
2 changed files with 16 additions and 11 deletions
--- a/src/pretix/presale/views/init.py
+++ b/src/pretix/presale/views/init.py
@@ -70,18 +70,21 @@ def cached_invoice_address(request):
            # do not create a session, if we don't have a session we also don't have an invoice address ;)
            request._checkout_flow_invoice_address = InvoiceAddress()
            return request._checkout_flow_invoice_address
-        cs = cart_session(request)
-        iapk = cs.get('invoice_address')
-        if not iapk:
+        cs = cart_session(request, create=False)
+        if cs is None:
            request._checkout_flow_invoice_address = InvoiceAddress()
        else:
-            try:
-                with scopes_disabled():
-                    request._checkout_flow_invoice_address = InvoiceAddress.objects.get(
-                        pk=iapk, order__isnull=True
-                    )
-            except InvoiceAddress.DoesNotExist:
+            iapk = cs.get('invoice_address')
+            if not iapk:
                request._checkout_flow_invoice_address = InvoiceAddress()
+            else:
+                try:
+                    with scopes_disabled():
+                        request._checkout_flow_invoice_address = InvoiceAddress.objects.get(
+                            pk=iapk, order__isnull=True
+                        )
+                except InvoiceAddress.DoesNotExist:
+                    request._checkout_flow_invoice_address = InvoiceAddress()
    return request._checkout_flow_invoice_address


--- a/src/pretix/presale/views/cart.py
+++ b/src/pretix/presale/views/cart.py
@@ -417,7 +417,7 @@ def get_or_create_cart_id(request, create=True):
    return new_id


-def cart_session(request):
+def cart_session(request, create=True):
    """
    Before pretix 1.8.0, all checkout-related information (like the entered email address) was stored
    in the user's regular session dictionary. This led to data interference and leaks for example if a
@@ -428,7 +428,9 @@ def cart_session(request):
    active cart session sub-dictionary for read and write access.
    """
    request.session.modified = True
-    cart_id = get_or_create_cart_id(request)
+    cart_id = get_or_create_cart_id(request, create=create)
+    if not cart_id and not create:
+        return None
    return request.session['carts'][cart_id]