Session duplication bug when two-factor plugin enabled
I have a project that shows otp-modal if two-factor validation is active. The normal is that it creates a session after entering the correct otp code. But as soon as i enter the password the session is created and after i enter the otp code correctly another session is created. What is the solution for this?
actions/sign-in.ts -->
sign-in-form -->
actions/sign-in.ts -->
"use server";
import { auth } from "@/lib/auth";
import { signInSchema } from "@/schemas";
import { APIError } from "better-auth/api";
import { z } from "zod";
export const signIn = async (values: z.infer<typeof signInSchema>) => {
const validatedData = signInSchema.parse(values);
try {
const response = await auth.api.signInEmail({
body: {
email: validatedData.email,
password: validatedData.password,
callbackURL: "/verify-email?success=true",
},
asResponse: true,
});
if (!response.ok) {
throw new Error("Failed to sign in");
}
const data = await response.json();
console.log("Sign-in Response:", data);
if (data.twoFactorRedirect) return { twoFactorRedirect: true };
return null;
} catch (error) {
if (error instanceof APIError) {
if (error.status === "UNAUTHORIZED") {
throw new Error("Invalid email or password");
}
if (error.status === "FORBIDDEN") {
throw new Error("Email not verified");
}
}
throw new Error("Something went wrong.");
}
};"use server";
import { auth } from "@/lib/auth";
import { signInSchema } from "@/schemas";
import { APIError } from "better-auth/api";
import { z } from "zod";
export const signIn = async (values: z.infer<typeof signInSchema>) => {
const validatedData = signInSchema.parse(values);
try {
const response = await auth.api.signInEmail({
body: {
email: validatedData.email,
password: validatedData.password,
callbackURL: "/verify-email?success=true",
},
asResponse: true,
});
if (!response.ok) {
throw new Error("Failed to sign in");
}
const data = await response.json();
console.log("Sign-in Response:", data);
if (data.twoFactorRedirect) return { twoFactorRedirect: true };
return null;
} catch (error) {
if (error instanceof APIError) {
if (error.status === "UNAUTHORIZED") {
throw new Error("Invalid email or password");
}
if (error.status === "FORBIDDEN") {
throw new Error("Email not verified");
}
}
throw new Error("Something went wrong.");
}
};sign-in-form -->
import { twoFactor } from "@/lib/auth-client";
const onSubmit = (values: z.infer<typeof signInSchema>) => {
startTransition(() => {
signIn(values)
.then(async (data) => {
if (data?.twoFactorRedirect) {
await twoFactor.sendOtp();
otpModal.onOpen();
}
router.push("/dashboard");
})
.catch((error) => toast.error(error.message));
});
};import { twoFactor } from "@/lib/auth-client";
const onSubmit = (values: z.infer<typeof signInSchema>) => {
startTransition(() => {
signIn(values)
.then(async (data) => {
if (data?.twoFactorRedirect) {
await twoFactor.sendOtp();
otpModal.onOpen();
}
router.push("/dashboard");
})
.catch((error) => toast.error(error.message));
});
};
Was this page helpful?
