bilety.brzezovka.pl/.paul/phases/05-purchase-redirect-hardening/05-01-SUMMARY.md

phase, plan, subsystem, tags, requires, provides, affects, tech-stack, key-files, key-decisions, patterns-established, duration, started, completed

phase	plan	subsystem	tags	requires	provides	affects	tech-stack	key-files	key-decisions	patterns-established	duration	started	completed
05-purchase-redirect-hardening	01	analytics	purchase dataLayer consent-mode-v2 przelewy24 redirect	phase provides 02-purchase-event-prepayment purchase event emitted before payment redirect phase provides 03-cookie-consent CookieNoticePro and Consent Mode v2 integration phase provides 04-cookie-notice-bugfix stable CookieNoticePro initialization	Browser-session guard against duplicate purchase pushes per transaction_id Saved cookie consent restore before GTM and purchase event execution Centered Przelewy24 redirect alert with 5-second countdown and automatic submit	analytics checkout payments	added patterns sessionStorage duplicate guard pre-GTM consent restore delayed payment redirect	created modified templates/tickets/przelewy24.php templates/site/layout-logged.php	Use `sessionStorage` keyed by transaction_id to prevent duplicate purchase on refresh. Restore saved CookieNoticePro consent before GTM starts, so purchase uses the right consent state. Use a centered Bootstrap alert and automatic submit after 5 seconds, without a visible fallback button.	Purchase event may be emitted before payment redirect, but must be guarded per transaction in the browser session.	35min	2026-05-08T00:00:00Z	2026-05-08T00:00:00Z

Phase 5 Plan 01: Purchase Redirect Hardening Summary

Purchase tracking now fires once per transaction in the browser session, respects restored cookie consent before GTM, and redirects to Przelewy24 after a centered 5-second countdown alert.

Performance

Metric	Value
Duration	~35 min
Started	2026-05-08
Completed	2026-05-08
Tasks	3 completed
Files modified	2 source files + PAUL docs

Acceptance Criteria Results

Criterion	Status	Notes
AC-1: Purchase fires only once per browser session and transaction	Pass	First load pushes ecommerce reset and purchase when no session key exists.
AC-2: Refresh does not duplicate purchase	Pass	sessionStorage key brzezovka_purchase_sent_{transaction_id} suppresses repeat push in the same browser session.
AC-3: Auto redirect returns with visible countdown	Pass	Centered Bootstrap alert shows 5-second countdown and auto-submits the P24 form after 5 seconds.
AC-4: Saved cookie consent is restored before GTM and purchase	Pass	Layout restores cnp_consent and cnp_prefs immediately after default denied and before GTM.

Accomplishments

• Added a guarded dataLayer.push() wrapper around the existing purchase payload.
• Preserved the backend purchase payload builder and payment form signing unchanged.
• Added pre-GTM saved consent restore for analytics and marketing consent.
• Replaced the temporary manual redirect with a centered alert and automatic 5-second redirect.

Verification Results

Check	Result
php -l templates/tickets/przelewy24.php	Pass
php -l templates/site/layout-logged.php	Pass
`rg -n "sessionStorage	brzezovka_purchase_sent_
Manual browser check: first purchase fires	Pass - confirmed by user during testing
Manual browser check: saved consent restored	Pass - confirmed by user after consent fix
Manual browser check: centered alert without visible button	Pass - user approved after visual correction

Files Created/Modified

File	Change	Purpose
templates/tickets/przelewy24.php	Modified	Added purchase duplicate guard, centered redirect alert, 5-second countdown, and auto-submit.
templates/site/layout-logged.php	Modified	Restores saved CookieNoticePro consent before GTM snippet and page-level purchase push.
.paul/phases/05-purchase-redirect-hardening/05-01-PLAN.md	Created	Plan for the hardening work.
.paul/phases/05-purchase-redirect-hardening/05-01-SUMMARY.md	Created	Completion record.
.paul/STATE.md	Modified	Tracks v0.4 loop closure.
.paul/ROADMAP.md	Modified	Adds and closes Phase 5.
.paul/PROJECT.md	Modified	Marks v0.4 requirements and decisions as validated.
.paul/changelog/2026-05-08.md	Modified	Human-readable changelog entry.

Decisions Made

Decision	Rationale	Impact
Use sessionStorage instead of DB state	Scope was refresh protection in the same browser session, not a server-side analytics ledger.	No schema or order-flow changes required.
Set session key before pushing purchase	Prevents duplicate push if refresh happens immediately after the first page execution.	Slight fail-open behavior remains if storage is unavailable.
Restore consent before GTM	CookieNoticePro runs at the bottom of the body, too late for the pre-payment purchase push.	Purchase observes saved granted consent on page load.
Remove visible manual button	User feedback: the button remained visible and the message needed a cleaner UI.	Final redirect page is a centered alert with no visible fallback button.

Deviations from Plan

Summary

Type	Count	Impact
User-requested UI adjustment	1	Removed visible fallback button and improved message presentation.

Total impact: Positive UI cleanup; no tracking or payment behavior risk introduced.

Issues Encountered

Issue	Resolution
Purchase initially used default denied consent despite saved cookie acceptance.	Added pre-GTM saved consent restore in layout-logged.php.
Temporary redirect button was still visible and the text looked unpolished.	Replaced it with a centered Bootstrap alert and countdown only.

Next Phase Readiness

Ready:

• v0.4 tracking redirect hardening is complete.
• Purchase event has refresh protection and consent ordering fixed.
• Przelewy24 auto-redirect behavior is restored.

Concerns:

• sessionStorage protects only the same browser session; cross-device or new-session duplication would need server-side tracking if required later.

Blockers:

• None.

---

Phase: 05-purchase-redirect-hardening, Plan: 01 Completed: 2026-05-08