Change get book id from cookie to from POST request to avoid wrong order when concurrent

app/controllers/Detail.php

@@ -65,9 +65,9 @@ class Detail extends Controller
         $soap = $this->model('SoapHelper');
         $entityBody = json_decode(file_get_contents('php://input'), true);
         $user = $model_user->readUserById($user_id);
-        $orderid = $soap->buyBook($_COOKIE['bookid'], $entityBody['total'], $user['no_kartu'], $entityBody['token']);
+        $orderid = $soap->buyBook($entityBody['book_id'], $entityBody['total'], $user['no_kartu'], $entityBody['token']);
         if ($orderid != -1) {
-            $model->createOrder($_COOKIE['bookid'], $user_id, $orderid);
+            $model->createOrder($entityBody['book_id'], $user_id, $orderid);
         }
         echo $orderid;
 

app/views/detail.php

@@ -58,7 +58,7 @@
                   <span class="label">Token</span>
                   <span class="border"></span>
                 </label>
-            <button onclick="order()" <?php if ($data['book']['price'] == -1) {echo "disabled";}?>>Order</button>
+            <button onclick="order('<?php echo $data['book']['bookID']; ?>')" <?php if ($data['book']['price'] == -1) {echo "disabled";}?>>Order</button>
         </section>
         <section id="reviews">
             <p class="detail-sub-header">Reviews</p>

public/js/detail.js

-function order() {
+function order(book_id) {
     var total_order_element = document.getElementById("total-order");
     var token = document.getElementById("token").value;
     console.log("token: "+token);
@@ -23,6 +23,7 @@ function order() {
     }
     xhttp.send(JSON.stringify({
         total : sum_order,
+        book_id : book_id,
         token : token}));
 }