Users are able to purchase products without an account. However, after they have purchased the product they must create an account to access the product. Their email is entered into a stripe form during registration, as I am using stripe for payments. In the back-end I am creating an account for the user post-purchase like this:
$newUser = new User;
$newUser->email = $request->stripeEmail;
Next, I am storing the user's ID to session.
Session::put('id', $user->id);
The user is then redirected to a page to fill out further information, here, I am retrieving the user's ID from the session and finishing off their account.
$id = Session::get('id');
$user = User::where('id',$id)->first();
// add details to user submitted from form
Obviously, since I am dealing with payments I want to be as careful as possible. Is this method of storing the user's ID for completion at a later stage entirely safe?