marksparkza
commented
3 years ago The approach described in the blog is not ideal.
The change introduced by commit 9c145f3 violates Important Point Number 2 in this SQLAlchemy Session FAQ, to wit:
- Make sure you have a clear notion of where transactions begin and end, and keep transactions short, meaning, they end at the series of a sequence of operations, instead of being held open indefinitely.
In the blog approach, there is no clear notion of where or when transactions begin and end. Also, the Flask app.after_request hook may be executed more than once for a given user-initiated request; in the Admin UI, at least, it is reached first with a request status of 302, and then with a 200. It is not clear whether it is appropriate to assume that a commit should be done in either or both of these cases. The blog approach furthermore does not consider:
- error conditions (such as back-end form validation failing) may still return a 200 status (along with a re-rendered form)
- error conditions may still require DB updates to be committed, e.g. for account locking
While it is a good idea to associate the session lifecycle with the request lifecycle (which we were already doing by calling session.remove() in the app.teardown_request hook) transaction scope should be managed separately and be clearly associated with the DB updates it encloses - e.g. using a context manager with block.
This blog post provides a good example of how this can be done.