On Wed, 2011-08-03 at 14:34 -0500, Matt Feifarek wrote:
> On Wed, Aug 3, 2011 at 1:12 PM, Chris McDonough <chr...@plope.com>
> wrote:
>
> > In fact, an argument could be made that if a transaction
> fails, the
> > entire contents of the view callable should not execute...
>
>
> We don't know whether the "transaction failed" until the view
> callable
> is called. The definition of a transaction "failing" is
> either an
> exception is raised by view code or the view response code is
> 4XX/5XX.
>
>
> And by the time it fails, our view callable is finished (or has thrown
> an exception), so we can't branch code based on failure.
>
>
> But, back down to earth, doing something like setting a value in
> session when there is a transaction failure could lead to inconsistent
> state. Say a view callable is supposed to log someone in... but a
> database transaction fails. Meanwhile, our view callable has turned on
> "authenticated" in the session, but they didn't actually login
> successfully...
>
>
> It might be far-fetched, but I found it already ;-) Thankfully, not a
> security breach, just a bad UI message, but still...
>
>
> What kind of strategies make sense in this situation? I suppose if one
> separated "action" from "output" and did all the actions first
> (setting db values, etc.) and then added a success callback that
> called output functions ("your setting was a success!")?
>
>
> I also know that we can manually commit() transactions when it might
> be important (login?)...
The answer is to not mix transaction-aware and non-transaction-aware
storage if you need everything to be transactional. I hope someone will
take on the task of making a transaction session storage.
- C
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To post to this group, send email to pylons-discuss@googlegroups.com.
To unsubscribe from this group, send email to
pylons-discuss+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/pylons-discuss?hl=en.
