Merge pull request #17223 from itk-dev/feature/session-in-redis

feat: Added support for redis as session storage
2025-09-24 23:23:56 -05:00 · 2025-09-24 23:23:56 -05:00 · d3b09c6a02
parent 27d61307cd 4ca43004ed
commit d3b09c6a02
2 changed files with 42 additions and 7 deletions
--- a/backend/open_webui/main.py
+++ b/backend/open_webui/main.py
@ -50,6 +50,11 @@ from starlette.middleware.sessions import SessionMiddleware
 from starlette.responses import Response, StreamingResponse
 from starlette.datastructures import Headers

+from starsessions import (
+    SessionMiddleware as StarSessionsMiddleware,
+    SessionAutoloadMiddleware,
+)
+from starsessions.stores.redis import RedisStore

 from open_webui.utils import logger
 from open_webui.utils.audit import AuditLevel, AuditLoggingMiddleware
@ -1878,13 +1883,42 @@ async def get_current_usage(user=Depends(get_verified_user)):

 # SessionMiddleware is used by authlib for oauth
 if len(OAUTH_PROVIDERS) > 0:
-    app.add_middleware(
-        SessionMiddleware,
-        secret_key=WEBUI_SECRET_KEY,
-        session_cookie="oui-session",
-        same_site=WEBUI_SESSION_COOKIE_SAME_SITE,
-        https_only=WEBUI_SESSION_COOKIE_SECURE,
-    )
+    try:
+        # Try to create Redis store for sessions
+        if REDIS_URL:
+            redis_session_store = RedisStore(
+                url=REDIS_URL,
+                prefix=(
+                    f"{REDIS_KEY_PREFIX}:session:" if REDIS_KEY_PREFIX else "session:"
+                ),
+            )
+
+            # Add SessionAutoloadMiddleware first to handle session loading
+            app.add_middleware(SessionAutoloadMiddleware)
+
+            app.add_middleware(
+                StarSessionsMiddleware,
+                store=redis_session_store,
+                cookie_name="oui-session",
+                cookie_same_site=WEBUI_SESSION_COOKIE_SAME_SITE,
+                cookie_https_only=WEBUI_SESSION_COOKIE_SECURE,
+            )
+            log.info("Using StarSessions with Redis for session management")
+        else:
+            raise ValueError("Redis URL not configured")
+
+    except Exception as e:
+        log.warning(
+            f"Failed to initialize Redis sessions, falling back to cookie based sessions: {e}"
+        )
+        # Fallback to existing SessionMiddleware
+        app.add_middleware(
+            SessionMiddleware,
+            secret_key=WEBUI_SECRET_KEY,
+            session_cookie="oui-session",
+            same_site=WEBUI_SESSION_COOKIE_SAME_SITE,
+            https_only=WEBUI_SESSION_COOKIE_SECURE,
+        )


@app.get("/oauth/{provider}/login")
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@ -16,6 +16,7 @@ aiocache
 aiofiles
 starlette-compress==1.6.0
 httpx[socks,http2,zstd,cli,brotli]==0.28.1
+starsessions[redis]==2.2.1

 sqlalchemy==2.0.38
 alembic==1.14.0