Checklist
Describe the bug
When using AuthenticationBackend as described in the OAuth documentation, the session fails to persist if the application uses SessionMiddleware with a custom session_cookie name.
It appears that sqladmin does not detect or respect the custom cookie name, resulting in request.session being empty on subsequent requests.
Steps to reproduce the bug
-
Configure a Starlette/FastAPI app with sqladmin and AuthenticationBackend.
-
Add SessionMiddleware to the application.
Scenario 1: Working (Default Cookie Name)
# This works correctly; session is persisted.
app.add_middleware(SessionMiddleware, secret_key="test")
Scenario 2: Broken (Custom Cookie Name)
# This fails; request.session is empty on subsequent requests.
app.add_middleware(SessionMiddleware, secret_key="test", session_cookie="my_cookie_name")
Expected behavior
The AuthenticationBackend should function correctly regardless of the session_cookie name configured in SessionMiddleware, or it should detect the existing middleware configuration.
Actual behavior
When session_cookie is set to a custom value (e.g., "my_cookie_name"), the authentication session state is lost, and request.session is empty in the admin context.
Debugging material
Potential Root Cause: I suspect a conflict between the middleware I explicitly added and how the library handles sessions.
Middleware 1 (My Code): Sets the cookie on the client using `session_cookie="my_cookie_name"`.
Middleware 2 (Library Internal): It seems sqladmin might be initializing its own session logic or expecting the default cookie name.
Referring to this line in authentication.py, the library might be looking for the default session cookie. When it doesn't find it (because the client has my_cookie_name), it initializes an empty session, ignoring the data stored by my custom middleware.
Environment
python 3.14.2
sqladmin 0.23.0
Additional context
I might try to open a PR later this week.
Checklist
master.Describe the bug
When using
AuthenticationBackendas described in the OAuth documentation, the session fails to persist if the application uses SessionMiddleware with a custom session_cookie name.It appears that sqladmin does not detect or respect the custom cookie name, resulting in
request.sessionbeing empty on subsequent requests.Steps to reproduce the bug
Configure a Starlette/FastAPI app with sqladmin and AuthenticationBackend.
Add SessionMiddleware to the application.
Scenario 1: Working (Default Cookie Name)
Scenario 2: Broken (Custom Cookie Name)
Expected behavior
The
AuthenticationBackendshould function correctly regardless of thesession_cookiename configured inSessionMiddleware, or it should detect the existing middleware configuration.Actual behavior
When
session_cookieis set to a custom value (e.g.,"my_cookie_name"), the authentication session state is lost, andrequest.sessionis empty in the admin context.Debugging material
Potential Root Cause: I suspect a conflict between the middleware I explicitly added and how the library handles sessions.
Referring to this line in authentication.py, the library might be looking for the default session cookie. When it doesn't find it (because the client has
my_cookie_name), it initializes an empty session, ignoring the data stored by my custom middleware.Environment
python 3.14.2
sqladmin 0.23.0
Additional context
I might try to open a PR later this week.