Stripe Portal url not secure Python

I'm working on a Django application integrated with Stripe, and I'm facing a security issue related to user subscription management through the Stripe portal. Currently, I provide a simple link for users with subscriptions to access the portal. However, I've noticed that if I copy the link from the browser tab that the view generate and paste it into a private tab in another browser, the portal loads up, allowing access to someone else's subscription details.

an example of the url generated :
https://billing.stripe.com/p/session/test_YWNjdF8xSGFuNG5KV3p0WnBRQUJ4LF9POHM5UWlrYlhtM0FadVZmV3NUU3hQFMrgrrgg0HK1DtM1hxe

This presents a significant security concern since an unauthorized user who obtains the URL could potentially manipulate the billing information of a subscriber.

so my view :

def customer_portal(request):
    # Authenticate your user.

    customer_id = request.user.customer.id

    # Create a session.
    session = stripe.billing_portal.Session.create(
      customer=customer_id,
      return_url='http://127.0.0.1:8000/account/billing/',
    )

    # Directly redirect the user to the portal.
    return redirect(session.url)

the link :
<h4><a href="{% url 'subscriptions:customerPortal' %}">Manage Billing</a></h4>

the urls :
path('billing/portal/', customer_portal, name='customerPortal'),

I'm doing something wrong ?

The url is a short lived URL and yes, your application would need to make sure to only give the URL to an authenticated customer. Otherwise, you can use a no-code option global link which requires login by email.