# pyramid logout can not remove session if another page is loading


My web app uses Pyramid and includes pyramid_beaker, using the session to judge whether the client is already logged in or not.
Now I have a problem: I log in on one web page and open a new tab. If I log out on the first page (it appears to be redirected to the login page successfully) before the second page has finished loading, and then refresh both pages, both become logged in, which is totally different from what I expect. I thought both pages should be logged out.

My code is like:

    from pyramid.view import view_config, view_defaults

    @view_defaults(route_name='/')
    class client:
        def __init__(self, request):
            self.rq = request
            if self.rq.session.get("loginfo", {}).get("logged") == "1":
                # logged in, do something
                pass
            else:
                # not logged in, raise HTTPFound
                pass

        @view_config(...)
        def login(self):
            # mark this session as logged in
            self.rq.session["loginfo"] = {"logged": "1"}

        @view_config(...)
        def logout(self):
            # remove the login marker from this request's copy of the session
            if "loginfo" in self.rq.session:
                del self.rq.session["loginfo"]

Configuration in the ini file:

    session.type = memory
    session.key = mykey
    session.secret = mysecret
    session.data_dir = %(here)s/data/sessions/data
    session.lock_dir = %(here)s/data/sessions/lock
    session.timeout = 7200

If I operate more slowly and wait for the second page to finish loading before logging out, both pages become logged out.
I am totally confused: why does the second page affect clearing loginfo from the session?

Michael Merickel

Sessions are a blob of data that are updated all-or-nothing. What's probably happening is:

    s0 = original session with login info
    request1.session = copy(s0) and set logout
    request2.session = copy(s0) and do other things
    save request1.session
    save request2.session

The final result is request2.session which does not have the logout set.

Race conditions are a known issue in sessions and just a fact of life unless you take extra precautions like locking, but most times it's not worthwhile.
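
The interleaving described in the answer can be replayed deterministically. This is an added example, not code from the question, the answer, or Beaker: `SessionStore` and `replay_race` are hypothetical names for a toy in-memory store, and the precaution shown is a version check on save (optimistic concurrency) rather than a lock.

```python
import copy

class StaleSession(Exception):
    """Raised when a request tries to save over a newer session version."""

class SessionStore:
    """Toy server-side store: each session is one blob saved all-or-nothing."""

    def __init__(self, check_version=False):
        self.check_version = check_version
        self._blobs = {}  # session id -> (version, data)

    def create(self, sid, data):
        self._blobs[sid] = (0, copy.deepcopy(data))

    def load(self, sid):
        # Each request gets its own private copy plus the version it saw.
        version, data = self._blobs[sid]
        return version, copy.deepcopy(data)

    def save(self, sid, seen_version, data):
        current, _ = self._blobs[sid]
        if self.check_version and seen_version != current:
            raise StaleSession(sid)
        self._blobs[sid] = (current + 1, copy.deepcopy(data))

    def peek(self, sid):
        return copy.deepcopy(self._blobs[sid][1])

def replay_race(store, sid="constructed-session-id"):
    """Replay the answer's interleaving; return the stored session afterwards."""
    store.create(sid, {"loginfo": {"logged": "1"}})   # s0 (constructed data)
    seen1, logout_session = store.load(sid)           # request1 copies s0
    seen2, slow_session = store.load(sid)             # request2 copies s0
    logout_session.pop("loginfo", None)               # request1: logout
    slow_session["last_page"] = "/slow"               # request2: other things
    store.save(sid, seen1, logout_session)            # save request1.session
    try:
        store.save(sid, seen2, slow_session)          # save request2.session
    except StaleSession:
        # Stale writer: reload the current blob and reapply only its own change.
        seen2, fresh = store.load(sid)
        fresh["last_page"] = "/slow"
        store.save(sid, seen2, fresh)
    return store.peek(sid)

if __name__ == "__main__":
    print("last writer wins:", replay_race(SessionStore(check_version=False)))
    print("version checked: ", replay_race(SessionStore(check_version=True)))
```

With last-writer-wins saving, the stored session still contains `loginfo` after the logout; with the version check, the stale save is rejected and the logout survives.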