Session Not Updating & Expired session continues to be active

Issue 1 : Session Cookie, nor session expiration is being updated
issue 2: Even After session is expired. Im getting valid session response (sending cookie manually)

better-auth version 1.2.7

better-auth Config

 session: {
    expiresIn: 60,
    updateAge: 0,
    freshAge: 0,
  },

 session: {
    expiresIn: 60,
    updateAge: 0,
    freshAge: 0,
  },

 session: {
    expiresIn: 60,
    updateAge: 0,
    freshAge: 0,
  },

 session: {
    expiresIn: 60,
    updateAge: 0,
    freshAge: 0,
  },

Expected behavior
--
So technically session should be valid for 1 Min and on every

/get-session

/get-session

/get-session

/get-session within that 1 min , the session expiry should be updated and a cookie be returned

Whats happening
---
The same response as the first

/get-session

/get-session

/get-session

/get-session continues for 1 min and after also. No

set-cookie

set-cookie

set-cookie

set-cookie is headers nor session expiry is updated in response

Full Config

export const auth = betterAuth({
  baseURL: env.BETTER_AUTH_URL,
  emailVerification: {
    sendOnSignUp: true,
    autoSignInAfterVerification: true,
    sendVerificationEmail: async ({ user, url }) => {
      await sendEmailVerification(user.email, url);
    },
  },

  emailAndPassword: {
    enabled: true,
    minPasswordLength: 8,
    maxPasswordLength: 40,
    autoSignIn: true,

    sendResetPassword: async ({ user, url }) => {
      await sendResetPassword(user.email, url);
    },
    password: {
      hash: async (password) => await Bun.password.hash(password),
      verify: async ({ hash, password }) =>
        await Bun.password.verify(password, hash),
    },
  },

  trustedOrigins: ["http://localhost:3000"],
  plugins: [
    captcha({
      provider: "cloudflare-turnstile",
      secretKey: env.TURNSTILE_SECRET_KEY,
    }),
    emailOTP({
      async sendVerificationOTP({ email, otp, type }) {
        if (type === "forget-password") await sendResetPasswordOTP(email, otp);
      },
    }),
    username({
      maxUsernameLength: 25,
      minUsernameLength: 3,
    }),
    admin(),
    openAPI(),
  ],
  database: drizzleAdapter(db, {
    provider: "pg",
    usePlural: true,
  }),
  session: {
    expiresIn: 60,
    updateAge: 0,
    freshAge: 0,
  },
  advanced: {
    cookiePrefix: "rcp",
  },
});

export const auth = betterAuth({
  baseURL: env.BETTER_AUTH_URL,
  emailVerification: {
    sendOnSignUp: true,
    autoSignInAfterVerification: true,
    sendVerificationEmail: async ({ user, url }) => {
      await sendEmailVerification(user.email, url);
    },
  },

  emailAndPassword: {
    enabled: true,
    minPasswordLength: 8,
    maxPasswordLength: 40,
    autoSignIn: true,

    sendResetPassword: async ({ user, url }) => {
      await sendResetPassword(user.email, url);
    },
    password: {
      hash: async (password) => await Bun.password.hash(password),
      verify: async ({ hash, password }) =>
        await Bun.password.verify(password, hash),
    },
  },

  trustedOrigins: ["http://localhost:3000"],
  plugins: [
    captcha({
      provider: "cloudflare-turnstile",
      secretKey: env.TURNSTILE_SECRET_KEY,
    }),
    emailOTP({
      async sendVerificationOTP({ email, otp, type }) {
        if (type === "forget-password") await sendResetPasswordOTP(email, otp);
      },
    }),
    username({
      maxUsernameLength: 25,
      minUsernameLength: 3,
    }),
    admin(),
    openAPI(),
  ],
  database: drizzleAdapter(db, {
    provider: "pg",
    usePlural: true,
  }),
  session: {
    expiresIn: 60,
    updateAge: 0,
    freshAge: 0,
  },
  advanced: {
    cookiePrefix: "rcp",
  },
});

export const auth = betterAuth({
  baseURL: env.BETTER_AUTH_URL,
  emailVerification: {
    sendOnSignUp: true,
    autoSignInAfterVerification: true,
    sendVerificationEmail: async ({ user, url }) => {
      await sendEmailVerification(user.email, url);
    },
  },

  emailAndPassword: {
    enabled: true,
    minPasswordLength: 8,
    maxPasswordLength: 40,
    autoSignIn: true,

    sendResetPassword: async ({ user, url }) => {
      await sendResetPassword(user.email, url);
    },
    password: {
      hash: async (password) => await Bun.password.hash(password),
      verify: async ({ hash, password }) =>
        await Bun.password.verify(password, hash),
    },
  },

  trustedOrigins: ["http://localhost:3000"],
  plugins: [
    captcha({
      provider: "cloudflare-turnstile",
      secretKey: env.TURNSTILE_SECRET_KEY,
    }),
    emailOTP({
      async sendVerificationOTP({ email, otp, type }) {
        if (type === "forget-password") await sendResetPasswordOTP(email, otp);
      },
    }),
    username({
      maxUsernameLength: 25,
      minUsernameLength: 3,
    }),
    admin(),
    openAPI(),
  ],
  database: drizzleAdapter(db, {
    provider: "pg",
    usePlural: true,
  }),
  session: {
    expiresIn: 60,
    updateAge: 0,
    freshAge: 0,
  },
  advanced: {
    cookiePrefix: "rcp",
  },
});

export const auth = betterAuth({
  baseURL: env.BETTER_AUTH_URL,
  emailVerification: {
    sendOnSignUp: true,
    autoSignInAfterVerification: true,
    sendVerificationEmail: async ({ user, url }) => {
      await sendEmailVerification(user.email, url);
    },
  },

  emailAndPassword: {
    enabled: true,
    minPasswordLength: 8,
    maxPasswordLength: 40,
    autoSignIn: true,

    sendResetPassword: async ({ user, url }) => {
      await sendResetPassword(user.email, url);
    },
    password: {
      hash: async (password) => await Bun.password.hash(password),
      verify: async ({ hash, password }) =>
        await Bun.password.verify(password, hash),
    },
  },

  trustedOrigins: ["http://localhost:3000"],
  plugins: [
    captcha({
      provider: "cloudflare-turnstile",
      secretKey: env.TURNSTILE_SECRET_KEY,
    }),
    emailOTP({
      async sendVerificationOTP({ email, otp, type }) {
        if (type === "forget-password") await sendResetPasswordOTP(email, otp);
      },
    }),
    username({
      maxUsernameLength: 25,
      minUsernameLength: 3,
    }),
    admin(),
    openAPI(),
  ],
  database: drizzleAdapter(db, {
    provider: "pg",
    usePlural: true,
  }),
  session: {
    expiresIn: 60,
    updateAge: 0,
    freshAge: 0,
  },
  advanced: {
    cookiePrefix: "rcp",
  },
});

Session Not Updating & Expired session continues to be active

Similar Threads

Similar Threads

Similar Threads