ALL
POSTS
41 posts so far.
March 15, 2026Python10 min read
How SQLAlchemy's Identity Map Served Stale Data to 23,000 API Requests
We managed SQLAlchemy sessions manually in Flask, skipping Flask-SQLAlchemy. Forgetting one line — Session.remove() — turned the ORM's per-thread identity map into a stale-data cache that silently returned outdated records for six hours.
March 11, 2026Python9 min read
The Shared State Trap: How a FastAPI 'Optimisation' Leaked User Data
We replaced Flask's request-scoped g with a plain dict during migration. Under async concurrency, that dict silently served one tenant's data to a completely different user.