diff --git a/core/config/locales/en.yml b/core/config/locales/en.yml
index bc92b20bd43..c037fe9f3f3 100644
--- a/core/config/locales/en.yml
+++ b/core/config/locales/en.yml
@@ -1086,6 +1086,7 @@ en:
 cannot_create_payment_without_payment_methods_html: You cannot create a payment for an order without any payment methods defined. %{link}
 cannot_create_returns: Cannot create returns as this order has no shipped units.
+ cannot_edit_orders: You may only edit your current shopping cart.
 cannot_perform_operation: Cannot perform requested operation
 cannot_rebuild_shipments_order_completed: Cannot rebuild shipments for a completed order.
diff --git a/frontend/app/controllers/spree/orders_controller.rb b/frontend/app/controllers/spree/orders_controller.rb
index c1d7b6fb395..ad7b3ef2fbc 100644
--- a/frontend/app/controllers/spree/orders_controller.rb
+++ b/frontend/app/controllers/spree/orders_controller.rb
@@ -8,6 +8,7 @@ class OrdersController < Spree::StoreController
 before_action :store_guest_token
 before_action :assign_order, only: :update
+ before_action :current_cart_redirect, only: :edit
 # note: do not lock the #edit action because that's where we redirect when we fail to acquire a lock
 around_action :lock_order, only: :update
 before_action :apply_coupon_code, only: :update
@@ -42,6 +43,10 @@ def edit
 @order = current_order || Spree::Order.incomplete.find_or_initialize_by(guest_token: cookies.signed[:guest_token])
 authorize! :read, @order, cookies.signed[:guest_token]
 associate_user
+ if params[:id] && @order.number != params[:id]
+ flash[:error] = t('spree.cannot_edit_orders')
+ redirect_to cart_path
+ end
 end
 
 # Adds a new item to the order (creating a new order if none already exists)
@@ -100,6 +105,10 @@ def accurate_title
 
 private
 
+ def current_cart_redirect
+
+ end
+
 def store_guest_token
 cookies.permanent.signed[:guest_token] = params[:token] if params[:token]
 end
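Review bot: `current_cart_redirect` is wired up as `before_action :current_cart_redirect, only: :edit` in the first orders_controller.rb hunk, but the method added in the third hunk is an empty body, and the order-number check it is named for lives inline at the end of `edit` in the second hunk, so the callback is dead code. Either move the check into the helper or delete both the callback registration and the empty method; the smaller fix is to drop the `before_action :current_cart_redirect, only: :edit` line and the three-line `def current_cart_redirect ... end` stub. If the check is later moved into the callback, it would run before `authorize!` and `associate_user` and would need its own nil guard, since `@order` is only assigned inside `edit`. Note that `@order` is always the current order regardless of `params[:id]`, so a mismatched id never exposes another order here; the comparison only decides whether the cart redirect fires, which is worth a one-line comment above the `if`, e.g. `# params[:id] is only used to detect a stale/foreign order link; @order is never looked up by it`.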
diff --git a/frontend/spec/controllers/spree/orders_controller_spec.rb b/frontend/spec/controllers/spree/orders_controller_spec.rb
index e8d8894473f..00132403322 100644
--- a/frontend/spec/controllers/spree/orders_controller_spec.rb
+++ b/frontend/spec/controllers/spree/orders_controller_spec.rb
@@ -102,6 +102,31 @@
 end
 end
 
+ context '#edit' do
+ before do
+ allow(controller).to receive :authorize!
+ allow(controller).to receive_messages current_order: order
+ end
+
+ it 'should render cart' do
+ get :edit, params: { id: order.number }
+
+ expect(flash[:error]).to be_nil
+ expect(response).to be_ok
+ end
+
+ context 'with another order number than the current_order' do
+ let(:other_order) { create(:completed_order_with_totals) }
+
+ it 'should display error message' do
+ get :edit, params: { id: other_order.number }
+
+ expect(flash[:error]).to eq "You may only edit your current shopping cart."
+ expect(response).to redirect_to cart_path
+ end
+ end
+ end
+
 context "#update" do
 context "with authorization" do
 before do
diff --git a/frontend/spec/features/checkout_confirm_insufficient_stock_spec.rb b/frontend/spec/features/checkout_confirm_insufficient_stock_spec.rb
index 0a02084b24f..e05a909b01b 100644
--- a/frontend/spec/features/checkout_confirm_insufficient_stock_spec.rb
+++ b/frontend/spec/features/checkout_confirm_insufficient_stock_spec.rb
@@ -29,8 +29,8 @@
 it 'redirects to cart page and shows an unavailable product message' do
 click_button "Place Order"
 
- expect(page).to have_content "#{order_product.name} became unavailable"
 expect(page).to have_current_path spree.cart_path
+ expect(page).to have_content "#{order_product.name} became unavailable"
 end
 end
 end
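Review bot: The new `#edit` examples stub `authorize!` away entirely (`allow(controller).to receive :authorize!`), so they pin only the number comparison and never show that a request carrying another customer's order number is still authorized against `current_order` rather than the requested order; an example that lets `authorize!` run would document that the redirect is a navigation guard, not the access check. The examples also do not cover `get :edit` with no `id` param, which is the common cart-page entry and is the branch the `params[:id] &&` guard in the controller exists for; a third `it` asserting `flash[:error]` is nil there would close that gap. The `order` used in `receive_messages current_order: order` is defined outside this hunk. The spec titles use the "should ..." prefix, which RSpec style recommends dropping (`it 'renders the cart'`, `it 'redirects with an error message'`).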