this question is similar to this one but with a twist (so the answer accepted for the older question is not valid in the following scenario)
i have a site for selling tickets (PHP/MYSQL). Suppose i have just one ticket left:
- buyer A puts the ticket in her cart and goes to the payment gateway page (ie. paypal)
- the ticket is locked for 5 minutes, so buyer B cannot buy it
- buyer A waits 5 minutes with the paypal page open, doing nothing
- the ticket is unlocked so buyer B puts it in his cart and goes the the paypal page
- buyer A executes the payment procedure on paypal with success
- buyer B executes the payment procedure on paypal with success
i can wait longer but i don't think this will solve the issue in the more general case. moreover, if i do that, it will be possibile to make some kind of DoS, locking the items in stock for large periods of time.
what's the best way to handle this scenario ?