BA

Better Auth•12mo ago•

35 replies

Duki

Session isn't updated after changing email of a user with an unverified email

I am currently trying to implement the change email feature from better auth and stumbled upon a bug (i think). I followed the steps from this guide https://www.better-auth.com/docs/concepts/users-accounts#change-email and it works perfectly fine when changing the email of a user whose email is already verified. The user receives an approval email, if they really want to change their email. The email then changes both in the User table as well es in the Session and the follow up verification email on the newly change email also works perfectly fine.

Now the issue is with users whose emails were not verified yet. The email on the User table changes instantly (as expected) without an approval email (also expected), but the email in the session is still the old one. This then backfires when the new verification email is sent to the new email. When clicking on that url I get redirected to my callback url with the params

?error=user_not_found

?error=user_not_found

. And when I check the sessions in my redis database I can see the session with the old email. I feel like better auth is forgetting to refresh the session in this case, or am I supposed to do it manually?

Perhaps it is worth mentioning that I'm updating the email on the server side with

auth.api.changeEmail()

auth.api.changeEmail()

Solution

Ah nice, a PR has been merged which should fix this issue!
https://github.com/better-auth/better-auth/pull/1801

And for others who encountered the issue, which this post was originally about (session update in secondary storage after changing email), the solution was to update better-auth to

1.2.4-beta.7

1.2.4-beta.7

. I hope this PR will also be added to v1.2.4 once it's released!

GitHub

fix: on change email request for unverified emails should use the n...

closes #1799

Jump to solution