mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-16 23:21:44 -05:00
[PR #23207] [CLOSED] fix: remove undefined cookie_expires in OAuth session cookie #98122
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/open-webui/open-webui/pull/23207
Author: @extrasmall0
Created: 3/29/2026
Status: ❌ Closed
Base:
dev← Head:fix/oauth-cookie-expires-nameref📝 Commits (1)
0f510cafix: remove undefined cookie_expires in OAuth session cookie📊 Changes
1 file changed (+1 additions, -1 deletions)
View changed files
📝
backend/open_webui/utils/oauth.py(+1 -1)📄 Description
Pull Request Checklist
devcookie_max_ageis setChangelog Entry
Description
The
set_cookie()call inhandle_callbackreferencescookie_expires, which is never defined in the current scope. Whencookie_max_ageis notNone, this causes aNameErrorat runtime. Sincemax_agealone is sufficient for cookie expiration (browsers deriveexpiresfrom it per RFC 6265), we can just drop theexpireskwarg.Fixed
NameError: name 'cookie_expires' is not definedwhen setting OAuth session cookies with a configured max ageAdditional Information
Relates to #23197
Only the
oauth_session_idcookie was affected; the auth token cookie above it already usesmax_agealoneBy submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.