feat: Added support for redis as session storage

2025-12-16 11:57:51 +01:00 · 2025-09-05 12:50:27 +02:00
parent d3d7b209b2
commit 4ca43004ed
2 changed files with 42 additions and 7 deletions
--- a/backend/open_webui/main.py
+++ b/backend/open_webui/main.py
@@ -50,6 +50,11 @@ from starlette.middleware.sessions import SessionMiddleware
 from starlette.responses import Response, StreamingResponse
 from starlette.datastructures import Headers

+from starsessions import (
+    SessionMiddleware as StarSessionsMiddleware,
+    SessionAutoloadMiddleware,
+)
+from starsessions.stores.redis import RedisStore

 from open_webui.utils import logger
 from open_webui.utils.audit import AuditLevel, AuditLoggingMiddleware
@@ -1897,13 +1902,42 @@ async def get_current_usage(user=Depends(get_verified_user)):

 # SessionMiddleware is used by authlib for oauth
 if len(OAUTH_PROVIDERS) > 0:
-    app.add_middleware(
-        SessionMiddleware,
-        secret_key=WEBUI_SECRET_KEY,
-        session_cookie="oui-session",
-        same_site=WEBUI_SESSION_COOKIE_SAME_SITE,
-        https_only=WEBUI_SESSION_COOKIE_SECURE,
-    )
+    try:
+        # Try to create Redis store for sessions
+        if REDIS_URL:
+            redis_session_store = RedisStore(
+                url=REDIS_URL,
+                prefix=(
+                    f"{REDIS_KEY_PREFIX}:session:" if REDIS_KEY_PREFIX else "session:"
+                ),
+            )
+
+            # Add SessionAutoloadMiddleware first to handle session loading
+            app.add_middleware(SessionAutoloadMiddleware)
+
+            app.add_middleware(
+                StarSessionsMiddleware,
+                store=redis_session_store,
+                cookie_name="oui-session",
+                cookie_same_site=WEBUI_SESSION_COOKIE_SAME_SITE,
+                cookie_https_only=WEBUI_SESSION_COOKIE_SECURE,
+            )
+            log.info("Using StarSessions with Redis for session management")
+        else:
+            raise ValueError("Redis URL not configured")
+
+    except Exception as e:
+        log.warning(
+            f"Failed to initialize Redis sessions, falling back to cookie based sessions: {e}"
+        )
+        # Fallback to existing SessionMiddleware
+        app.add_middleware(
+            SessionMiddleware,
+            secret_key=WEBUI_SECRET_KEY,
+            session_cookie="oui-session",
+            same_site=WEBUI_SESSION_COOKIE_SAME_SITE,
+            https_only=WEBUI_SESSION_COOKIE_SECURE,
+        )


@app.get("/oauth/{provider}/login")