session: Enforce that changes cannot happen in a transaction.

zerver/lib/cache_helpers.py

@@ -82,7 +82,7 @@ def huddle_cache_items(items_for_remote_cache: Dict[str, Tuple[Huddle]], huddle:
 
 
 def session_cache_items(items_for_remote_cache: Dict[str, str], session: Session) -> None:
-    if settings.SESSION_ENGINE != "django.contrib.sessions.backends.cached_db":
+    if settings.SESSION_ENGINE != "zerver.lib.safe_session_cached_db":
         # If we're not using the cached_db session engine, we there
         # will be no store.cache_key attribute, and in any case we
         # don't need to fill the cache, since it won't exist.

zerver/lib/safe_session_cached_db.py

@@ -0,0 +1,25 @@
+from typing import Optional
+
+from django.contrib.sessions.backends.cached_db import SessionStore as CachedDbSessionStore
+from django.db.transaction import get_connection
+
+
+class SessionStore(CachedDbSessionStore):
+    """Caching session object which does not leak into the cache.
+
+    django.contrib.sessions.backends.cached_db does write-through to
+    the cache and the backing database.  If the database is in a
+    transaction, this may leak not-yet-committed changes to the cache,
+    which can lead to inconsistent state.  This class wraps changes to
+    the session in assertions which enforce that the database cannot
+    be in a transaction before writing.
+
+    """
+
+    def save(self, must_create: bool = False) -> None:
+        assert not get_connection().in_atomic_block
+        super().save(must_create)
+
+    def delete(self, session_key: Optional[str] = None) -> None:
+        assert not get_connection().in_atomic_block
+        super().delete(session_key)