diff -r 4495b9bc49df -r c4380d8cfc25 web/application.py
--- a/web/application.py	Fri Jul 02 11:52:51 2010 +0200
+++ b/web/application.py	Fri Jul 02 14:47:44 2010 +0200
@@ -373,6 +373,7 @@
         # remove user callbacks on a new request (except for json controllers
         # to avoid callbacks being unregistered before they could be called)
         tstart = clock()
+        commited = False
         try:
             try:
                 ctrlid, rset = self.url_resolver.process(req, path)
@@ -390,6 +391,7 @@
                     # displaying some anonymous enabled view such as the cookie
                     # authentication form
                     req.cnx.commit()
+                    commited = True
             except (StatusResponse, DirectResponse):
                 if req.cnx:
                     req.cnx.commit()
@@ -433,7 +435,7 @@
                 self.critical('Catch all triggered!!!')
                 self.exception('this is what happened')
         finally:
-            if req.cnx:
+            if req.cnx and not commited:
                 try:
                     req.cnx.rollback()
                 except: