mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-16 14:39:31 -05:00
[GH-ISSUE #24615] issue: Older OAuth session deletion not being reflected in the frontend when OAUTH_MAX_SESSIONS_PER_USER is set to 1 #123671
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @shubhankar-ncp on GitHub (May 12, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/24615
Check Existing Issues
Installation Method
Other
Open WebUI Version
v0.8.8
Ollama Version (if applicable)
No response
Operating System
Windows 11
Browser (if applicable)
No response
Confirmation
README.md.Expected Behavior
Actual Behavior
Steps to Reproduce
Logs & Screenshots
Log in the open-webui pod after logging into a new session on device B, indicating last session cannot be found:
2026-05-12 10:22:49.415 | WARNING | open_webui.utils.oauth:get_oauth_token:980 - No OAuth session found for user ed48f8b8-33ae-4c4a-b696-81057d937577, session b48a75e5-af65-4b57-b873-55fe1f1af7cf
The supposedly deleted session after the above log:
The new session:
Additional Information
Open-WebUI is deployed through Helm chart version 12.8.1 from the repo https://helm.openwebui.com/ on Openshift.
According to the documentation regarding OAUTH_MAX_SESSIONS_PER_USER, the older session should be purged since the value of the variable is set to one. However, the older session can still be interacted with normally.
@owui-terminator[bot] commented on GitHub (May 12, 2026):
🔍 Related Issues Found
I found some existing issues that might be related. Please check if any of these are duplicates or contain helpful solutions:
🟣 #21647 bug: OAuth sessions deleted on re-login, breaking multi-device usage
This is the closest match: it describes OAuth sessions being deleted on re-login so another device's session remains usable only until it tries to use the missing server-side session. The new issue differs in that the deletion is triggered by the session limit setting, but the underlying symptom and multi-device session inconsistency are the same.
by gboston
🟣 #23234 feat: Configurable maximum lifespan for OAuth sessions
This feature request is about adding a configurable maximum OAuth session lifespan, which is adjacent to the new issue's session-management behavior. It is less direct than #21647, but still relevant because both concern how OAuth sessions are retained or invalidated over time.
by lorenzophys
💡 If your issue is a duplicate, please close it and add any additional details to the existing issue instead.
This comment was generated automatically. React with 👍 if helpful, 👎 if not.