fix: session middleware should be required by default

backend/open_webui/main.py

@@ -1908,37 +1908,32 @@ if len(app.state.config.TOOL_SERVER_CONNECTIONS) > 0:
                     f"mcp:{server_id}", OAuthClientInformationFull(**oauth_client_info)
                 )
 
+try:
+    if REDIS_URL:
+        redis_session_store = RedisStore(
+            url=REDIS_URL,
+            prefix=(f"{REDIS_KEY_PREFIX}:session:" if REDIS_KEY_PREFIX else "session:"),
+        )
 
-# SessionMiddleware is used by authlib for oauth
-if len(OAUTH_PROVIDERS) > 0:
-    try:
-        if REDIS_URL:
-            redis_session_store = RedisStore(
-                url=REDIS_URL,
-                prefix=(
-                    f"{REDIS_KEY_PREFIX}:session:" if REDIS_KEY_PREFIX else "session:"
-                ),
-            )
-
-            app.add_middleware(SessionAutoloadMiddleware)
-            app.add_middleware(
-                StarSessionsMiddleware,
-                store=redis_session_store,
-                cookie_name="oui-session",
-                cookie_same_site=WEBUI_SESSION_COOKIE_SAME_SITE,
-                cookie_https_only=WEBUI_SESSION_COOKIE_SECURE,
-            )
-            log.info("Using Redis for session")
-        else:
-            raise ValueError("No Redis URL provided")
-    except Exception as e:
+        app.add_middleware(SessionAutoloadMiddleware)
         app.add_middleware(
-            SessionMiddleware,
-            secret_key=WEBUI_SECRET_KEY,
-            session_cookie="oui-session",
-            same_site=WEBUI_SESSION_COOKIE_SAME_SITE,
-            https_only=WEBUI_SESSION_COOKIE_SECURE,
+            StarSessionsMiddleware,
+            store=redis_session_store,
+            cookie_name="owui-session",
+            cookie_same_site=WEBUI_SESSION_COOKIE_SAME_SITE,
+            cookie_https_only=WEBUI_SESSION_COOKIE_SECURE,
         )
+        log.info("Using Redis for session")
+    else:
+        raise ValueError("No Redis URL provided")
+except Exception as e:
+    app.add_middleware(
+        SessionMiddleware,
+        secret_key=WEBUI_SECRET_KEY,
+        session_cookie="owui-session",
+        same_site=WEBUI_SESSION_COOKIE_SAME_SITE,
+        https_only=WEBUI_SESSION_COOKIE_SECURE,
+    )
 
 
 @app.get("/oauth/clients/{client_id}/authorize")