This commit is contained in:
Timothy Jaeryang Baek
2026-03-21 17:59:44 -05:00
parent 17c819a3c2
commit bb3526f4e4
2 changed files with 11 additions and 0 deletions

View File

@@ -117,6 +117,7 @@ def create_session_response(request: Request, user, db, response: Response = Non
if set_cookie and response:
datetime_expires_at = datetime.datetime.fromtimestamp(expires_at, datetime.timezone.utc) if expires_at else None
max_age = int(expires_delta.total_seconds()) if expires_delta else None
response.set_cookie(
key='token',
value=token,
@@ -124,6 +125,7 @@ def create_session_response(request: Request, user, db, response: Response = Non
httponly=True,
samesite=WEBUI_AUTH_COOKIE_SAME_SITE,
secure=WEBUI_AUTH_COOKIE_SECURE,
**({'max_age': max_age} if max_age is not None else {}),
)
user_permissions = get_permissions(user.id, request.app.state.config.USER_PERMISSIONS, db=db)
@@ -181,6 +183,7 @@ async def get_session_user(
)
# Set the cookie token
max_age = int(expires_at - time.time()) if expires_at else None
response.set_cookie(
key='token',
value=token,
@@ -188,6 +191,7 @@ async def get_session_user(
httponly=True, # Ensures the cookie is not accessible via JavaScript
samesite=WEBUI_AUTH_COOKIE_SAME_SITE,
secure=WEBUI_AUTH_COOKIE_SECURE,
**({'max_age': max_age} if max_age is not None else {}),
)
user_permissions = get_permissions(user.id, request.app.state.config.USER_PERMISSIONS, db=db)

View File

@@ -1533,6 +1533,10 @@ class OAuthManager:
response = RedirectResponse(url=redirect_url, headers=response.headers)
# Compute cookie expiry from JWT lifetime
expires_delta = parse_duration(auth_manager_config.JWT_EXPIRES_IN)
cookie_max_age = int(expires_delta.total_seconds()) if expires_delta else None
# Set the cookie token
# Redirect back to the frontend with the JWT token
response.set_cookie(
@@ -1541,6 +1545,7 @@ class OAuthManager:
httponly=False, # Required for frontend access
samesite=WEBUI_AUTH_COOKIE_SAME_SITE,
secure=WEBUI_AUTH_COOKIE_SECURE,
**({'max_age': cookie_max_age} if cookie_max_age is not None else {}),
)
# Legacy cookies for compatibility with older frontend versions
@@ -1551,6 +1556,7 @@ class OAuthManager:
httponly=True,
samesite=WEBUI_AUTH_COOKIE_SAME_SITE,
secure=WEBUI_AUTH_COOKIE_SECURE,
**({'max_age': cookie_max_age} if cookie_max_age is not None else {}),
)
try:
@@ -1588,6 +1594,7 @@ class OAuthManager:
httponly=True,
samesite=WEBUI_AUTH_COOKIE_SAME_SITE,
secure=WEBUI_AUTH_COOKIE_SECURE,
**({'max_age': cookie_max_age, 'expires': cookie_expires} if cookie_max_age is not None else {}),
)
log.info(f'Stored OAuth session server-side for user {user.id}, provider {provider}')