[PR #23198] [CLOSED] fix: remove undefined cookie_expires in OAuth session cookie #81949

Closed
opened 2026-05-13 16:21:41 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/23198
Author: @extrasmall0
Created: 3/29/2026
Status: Closed

Base: mainHead: fix/oauth-cookie-expires-nameref


📝 Commits (1)

  • 951b90c fix: remove undefined cookie_expires in OAuth session cookie

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 backend/open_webui/utils/oauth.py (+1 -1)

📄 Description

Fixes #23197

handle_callback references cookie_expires when setting the oauth_session_id cookie, but that variable is never defined — only cookie_max_age is computed from JWT_EXPIRES_IN. This causes a NameError on every OAuth login, silently skipping the cookie (caught by the try/except).

The other two cookies in the same method (token, oauth_id_token) already use just max_age, so this aligns the third cookie with the same pattern.

One-line change: drop the expires kwarg from the oauth_session_id set_cookie call.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/23198 **Author:** [@extrasmall0](https://github.com/extrasmall0) **Created:** 3/29/2026 **Status:** ❌ Closed **Base:** `main` ← **Head:** `fix/oauth-cookie-expires-nameref` --- ### 📝 Commits (1) - [`951b90c`](https://github.com/open-webui/open-webui/commit/951b90cb19a00bc5961b165003c54420ec36035a) fix: remove undefined cookie_expires in OAuth session cookie ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/utils/oauth.py` (+1 -1) </details> ### 📄 Description Fixes #23197 `handle_callback` references `cookie_expires` when setting the `oauth_session_id` cookie, but that variable is never defined — only `cookie_max_age` is computed from `JWT_EXPIRES_IN`. This causes a `NameError` on every OAuth login, silently skipping the cookie (caught by the `try/except`). The other two cookies in the same method (`token`, `oauth_id_token`) already use just `max_age`, so this aligns the third cookie with the same pattern. One-line change: drop the `expires` kwarg from the `oauth_session_id` `set_cookie` call. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-05-13 16:21:41 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#81949