mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-16 23:21:44 -05:00
[PR #23198] [CLOSED] fix: remove undefined cookie_expires in OAuth session cookie #130742
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/open-webui/open-webui/pull/23198
Author: @extrasmall0
Created: 3/29/2026
Status: ❌ Closed
Base:
main← Head:fix/oauth-cookie-expires-nameref📝 Commits (1)
951b90cfix: remove undefined cookie_expires in OAuth session cookie📊 Changes
1 file changed (+1 additions, -1 deletions)
View changed files
📝
backend/open_webui/utils/oauth.py(+1 -1)📄 Description
Fixes #23197
handle_callbackreferencescookie_expireswhen setting theoauth_session_idcookie, but that variable is never defined — onlycookie_max_ageis computed fromJWT_EXPIRES_IN. This causes aNameErroron every OAuth login, silently skipping the cookie (caught by thetry/except).The other two cookies in the same method (
token,oauth_id_token) already use justmax_age, so this aligns the third cookie with the same pattern.One-line change: drop the
expireskwarg from theoauth_session_idset_cookiecall.🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.