fix: session middleware should be required by default

2025-09-28 16:35:13 -05:00 · 2025-09-28 16:35:13 -05:00 · fe54fb61aa
parent 7e8ee46d2c
commit fe54fb61aa
1 changed files with 25 additions and 30 deletions
--- a/backend/open_webui/main.py
+++ b/backend/open_webui/main.py
@ -1908,38 +1908,33 @@ if len(app.state.config.TOOL_SERVER_CONNECTIONS) > 0:
                    f"mcp:{server_id}", OAuthClientInformationFull(**oauth_client_info)
                )

-
-# SessionMiddleware is used by authlib for oauth
-if len(OAUTH_PROVIDERS) > 0:
-    try:
-        if REDIS_URL:
-            redis_session_store = RedisStore(
-                url=REDIS_URL,
-                prefix=(
-                    f"{REDIS_KEY_PREFIX}:session:" if REDIS_KEY_PREFIX else "session:"
-                ),
-            )
-
-            app.add_middleware(SessionAutoloadMiddleware)
-            app.add_middleware(
-                StarSessionsMiddleware,
-                store=redis_session_store,
-                cookie_name="oui-session",
-                cookie_same_site=WEBUI_SESSION_COOKIE_SAME_SITE,
-                cookie_https_only=WEBUI_SESSION_COOKIE_SECURE,
-            )
-            log.info("Using Redis for session")
-        else:
-            raise ValueError("No Redis URL provided")
-    except Exception as e:
-        app.add_middleware(
-            SessionMiddleware,
-            secret_key=WEBUI_SECRET_KEY,
-            session_cookie="oui-session",
-            same_site=WEBUI_SESSION_COOKIE_SAME_SITE,
-            https_only=WEBUI_SESSION_COOKIE_SECURE,
+try:
+    if REDIS_URL:
+        redis_session_store = RedisStore(
+            url=REDIS_URL,
+            prefix=(f"{REDIS_KEY_PREFIX}:session:" if REDIS_KEY_PREFIX else "session:"),
        )

+        app.add_middleware(SessionAutoloadMiddleware)
+        app.add_middleware(
+            StarSessionsMiddleware,
+            store=redis_session_store,
+            cookie_name="owui-session",
+            cookie_same_site=WEBUI_SESSION_COOKIE_SAME_SITE,
+            cookie_https_only=WEBUI_SESSION_COOKIE_SECURE,
+        )
+        log.info("Using Redis for session")
+    else:
+        raise ValueError("No Redis URL provided")
+except Exception as e:
+    app.add_middleware(
+        SessionMiddleware,
+        secret_key=WEBUI_SECRET_KEY,
+        session_cookie="owui-session",
+        same_site=WEBUI_SESSION_COOKIE_SAME_SITE,
+        https_only=WEBUI_SESSION_COOKIE_SECURE,
+    )
+

@app.get("/oauth/clients/{client_id}/authorize")
 async def oauth_client_authorize(