feat: Added support for redis as session storage

cableman · cableman · commit 257dc89a4735 · 2025-09-05T13:12:01.000+02:00
diff --git a/backend/open_webui/main.py b/backend/open_webui/main.py
@@ -50,6 +50,11 @@
 from starlette.responses import Response, StreamingResponse
 from starlette.datastructures import Headers
 
+from starsessions import (
+    SessionMiddleware as StarSessionsMiddleware,
+    SessionAutoloadMiddleware,
+)
+from starsessions.stores.redis import RedisStore
 
 from open_webui.utils import logger
 from open_webui.utils.audit import AuditLevel, AuditLoggingMiddleware
@@ -1878,13 +1883,42 @@ async def get_current_usage(user=Depends(get_verified_user)):
 
 # SessionMiddleware is used by authlib for oauth
 if len(OAUTH_PROVIDERS) > 0:
-    app.add_middleware(
-        SessionMiddleware,
-        secret_key=WEBUI_SECRET_KEY,
-        session_cookie="oui-session",
-        same_site=WEBUI_SESSION_COOKIE_SAME_SITE,
-        https_only=WEBUI_SESSION_COOKIE_SECURE,
-    )
+    try:
+        # Try to create Redis store for sessions
+        if REDIS_URL:
+            redis_session_store = RedisStore(
+                url=REDIS_URL,
+                prefix=(
+                    f"{REDIS_KEY_PREFIX}:session:" if REDIS_KEY_PREFIX else "session:"
+               ),
+            )
+
+            # Add SessionAutoloadMiddleware first to handle session loading
+            app.add_middleware(SessionAutoloadMiddleware)
+
+            app.add_middleware(
+                StarSessionsMiddleware,
+                store=redis_session_store,
+                cookie_name="oui-session",
+                cookie_same_site=WEBUI_SESSION_COOKIE_SAME_SITE,
+                cookie_https_only=WEBUI_SESSION_COOKIE_SECURE,
+            )
+            log.info("Using StarSessions with Redis for session management")
+        else:
+            raise ValueError("Redis URL not configured")
+
+    except Exception as e:
+        log.warning(
+            f"Failed to initialize Redis sessions, falling back to cookie based sessions: {e}"
+        )
+        # Fallback to existing SessionMiddleware
+        app.add_middleware(
+            SessionMiddleware,
+            secret_key=WEBUI_SECRET_KEY,
+            session_cookie="oui-session",
+            same_site=WEBUI_SESSION_COOKIE_SAME_SITE,
+            https_only=WEBUI_SESSION_COOKIE_SECURE,
+        )
 
 
 @app.get("/oauth/{provider}/login")
diff --git a/backend/requirements.txt b/backend/requirements.txt
@@ -15,6 +15,7 @@ aiocache
 aiofiles
 starlette-compress==1.6.0
 httpx[socks,http2,zstd,cli,brotli]==0.28.1
+starsessions[redis]==2.2.1
 
 sqlalchemy==2.0.38
 alembic==1.14.0
diff --git a/static/pyodide/pyodide-lock.json b/static/pyodide/pyodide-lock.json
