auth: Wrap login and logout in a single transaction

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/web/auth.py b/src/web/auth.py
index 14ae0d213a205623690d1c38b9279c51d72e45dd..afea42886ca7a653724086d6a612c6afcd773971 100644 (file)
--- a/src/web/auth.py
+++ b/src/web/auth.py
@@ -20,8 +20,9 @@ class AuthenticationMixin(object):
 
        def login(self, account):
                # User has logged in, create a session
-               session_id, session_expires = self.backend.accounts.create_session(
-                       account, self.request.host)
+               with self.db.transaction():
+                       session_id, session_expires = self.backend.accounts.create_session(
+                               account, self.request.host)
 
                # Check if a new session was created
                if not session_id:
@@ -36,7 +37,10 @@ class AuthenticationMixin(object):
                if not session_id:
                        return
 
-               success = self.backend.accounts.destroy_session(session_id, self.request.host)
+               # Destroy session
+               with self.db.transaction():
+                       success = self.backend.accounts.destroy_session(session_id, self.request.host)
+
                if success:
                        self.clear_cookie("session_id")