[PR #23207] [CLOSED] fix: remove undefined cookie_expires in OAuth session cookie #42714

Closed
opened 2026-04-25 14:31:35 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/23207
Author: @extrasmall0
Created: 3/29/2026
Status: Closed

Base: devHead: fix/oauth-cookie-expires-nameref


📝 Commits (1)

  • 0f510ca fix: remove undefined cookie_expires in OAuth session cookie

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 backend/open_webui/utils/oauth.py (+1 -1)

📄 Description

Pull Request Checklist

  • Target branch: dev
  • Description: See below
  • Testing: Verified the NameError no longer occurs when cookie_max_age is set

Changelog Entry

Description

The set_cookie() call in handle_callback references cookie_expires, which is never defined in the current scope. When cookie_max_age is not None, this causes a NameError at runtime. Since max_age alone is sufficient for cookie expiration (browsers derive expires from it per RFC 6265), we can just drop the expires kwarg.

Fixed

  • NameError: name 'cookie_expires' is not defined when setting OAuth session cookies with a configured max age

Additional Information

  • Relates to #23197

  • Only the oauth_session_id cookie was affected; the auth token cookie above it already uses max_age alone

  • By submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/23207 **Author:** [@extrasmall0](https://github.com/extrasmall0) **Created:** 3/29/2026 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `fix/oauth-cookie-expires-nameref` --- ### 📝 Commits (1) - [`0f510ca`](https://github.com/open-webui/open-webui/commit/0f510ca890e1f26c276abce583fd749ed0fddff5) fix: remove undefined cookie_expires in OAuth session cookie ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/utils/oauth.py` (+1 -1) </details> ### 📄 Description # Pull Request Checklist - [x] **Target branch:** `dev` - [x] **Description:** See below - [x] **Testing:** Verified the NameError no longer occurs when `cookie_max_age` is set # Changelog Entry ### Description The `set_cookie()` call in `handle_callback` references `cookie_expires`, which is never defined in the current scope. When `cookie_max_age` is not `None`, this causes a `NameError` at runtime. Since `max_age` alone is sufficient for cookie expiration (browsers derive `expires` from it per RFC 6265), we can just drop the `expires` kwarg. ### Fixed - `NameError: name 'cookie_expires' is not defined` when setting OAuth session cookies with a configured max age --- ### Additional Information - Relates to #23197 - Only the `oauth_session_id` cookie was affected; the auth token cookie above it already uses `max_age` alone - [x] By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](https://github.com/open-webui/open-webui/blob/main/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-25 14:31:36 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#42714