def login(self, account):
# User has logged in, create a session
- session_id, session_expires = self.backend.accounts.create_session(
- account, self.request.host)
+ with self.db.transaction():
+ session_id, session_expires = self.backend.accounts.create_session(
+ account, self.request.host)
# Check if a new session was created
if not session_id:
if not session_id:
return
- success = self.backend.accounts.destroy_session(session_id, self.request.host)
+ # Destroy session
+ with self.db.transaction():
+ success = self.backend.accounts.destroy_session(session_id, self.request.host)
+
if success:
self.clear_cookie("session_id")