3 replies

Session Expiration Limited to 1 Day Despite 7-Day Configuration

We're experiencing a session expiration issue with Better Auth where our sessions are only valid for 1 day instead of 7, despite the specified configuration.

In our logs, we can see session creation with:

sessionExpiresAt: '2025-05-02 19:40:17.627',
sessionCreatedAt: '2025-05-01 19:40:17.628',
timeDiffDays: 0.999999988425926

sessionExpiresAt: '2025-05-02 19:40:17.627',
sessionCreatedAt: '2025-05-01 19:40:17.628',
timeDiffDays: 0.999999988425926

Relevant Configuration:

// auth.ts
export const auth = betterAuth({
  session: {
    expiresIn: 60 * 60 * 24 * 7, // 7 days
    updateAge: 60 * 60 * 24, // 1 day
    cookieCache: {
      enabled: true,
      maxAge: 5 * 60, // 5 minutes
    },
  },
  plugins: [
    customSession(async ({ user, session }) => {
      // Custom session logic
      return { user: { ...user }, session };
    }),
    nextCookies(),
  ],
});

// auth.ts
export const auth = betterAuth({
  session: {
    expiresIn: 60 * 60 * 24 * 7, // 7 days
    updateAge: 60 * 60 * 24, // 1 day
    cookieCache: {
      enabled: true,
      maxAge: 5 * 60, // 5 minutes
    },
  },
  plugins: [
    customSession(async ({ user, session }) => {
      // Custom session logic
      return { user: { ...user }, session };
    }),
    nextCookies(),
  ],
});

API Routes:

// app/api/auth/[...all]/route.ts
import { auth } from "@/lib/auth";
import { toNextJsHandler } from "better-auth/next-js";
 
export const { POST, GET } = toNextJsHandler(auth.handler);

// app/api/auth/[...all]/route.ts
import { auth } from "@/lib/auth";
import { toNextJsHandler } from "better-auth/next-js";
 
export const { POST, GET } = toNextJsHandler(auth.handler);

Client:

// auth-client.ts
import { createAuthClient } from "better-auth/react";
import { inferAdditionalFields } from "better-auth/client/plugins";
import { customSessionClient } from "better-auth/client/plugins";
import { auth } from "./auth";

export const authClient = createAuthClient({
  plugins: [
    inferAdditionalFields<typeof auth>(),
    customSessionClient<typeof auth>(),
  ],
  baseURL: "http://localhost:8082",
});

// auth-client.ts
import { createAuthClient } from "better-auth/react";
import { inferAdditionalFields } from "better-auth/client/plugins";
import { customSessionClient } from "better-auth/client/plugins";
import { auth } from "./auth";

export const authClient = createAuthClient({
  plugins: [
    inferAdditionalFields<typeof auth>(),
    customSessionClient<typeof auth>(),
  ],
  baseURL: "http://localhost:8082",
});

Issue Details:
1. When checking

expiresAt

expiresAt

in the database, session expiration is consistently set to createdAt + 1 day, not 7 days.
2. Our session cookie is set correctly but expires after ~5 min and is not renewed.
3. This causes authentication errors in our app when fetching from protected endpoints.

Is this expected behavior?

better-auth: 1.2.7,
better-fetch: 1.1.2,
next": 15.2.4,

Any insights appreciated!

Solution

I discovered that setting

rememberMe: true

rememberMe: true

resolved our session expiration issue. Sessions were only lasting 1 day instead of the configured 7 days.

The current documentation only states:

"rememberMe: If false, the user will be signed out when the browser is closed. (optional) (default: true)"

However, our investigation shows that

rememberMe

rememberMe

has a more significant impact than documented. When

rememberMe

rememberMe

is false (or not explicitly set to true when signing in), it appears to override the

session.expiresIn

session.expiresIn

configuration, limiting session expiration to approximately creationTime + 1 day regardless of the configured 7-day expiration.

I suggest updating the documentation to clarify that:
1. The

rememberMe

rememberMe

parameter affects not just browser-close behavior but also the maximum session duration
2. When

rememberMe

rememberMe

is false, the session expiration is limited regardless of the

session.expiresIn

session.expiresIn

setting
3. To achieve longer sessions as specified in

expiresIn

expiresIn

, clients must explicitly pass

rememberMe: true

rememberMe: true

during authentication

This clarification would help other developers avoid the confusion we experienced.

Thank you for the great Library

Jump to solution

Better Auth•10mo ago•

3 replies

Wadson

Session Expiration Limited to 1 Day Despite 7-Day Configuration

sessionExpiresAt: '2025-05-02 19:40:17.627',
sessionCreatedAt: '2025-05-01 19:40:17.628',
timeDiffDays: 0.999999988425926

sessionExpiresAt: '2025-05-02 19:40:17.627',
sessionCreatedAt: '2025-05-01 19:40:17.628',
timeDiffDays: 0.999999988425926

Relevant Configuration:

// auth.ts
export const auth = betterAuth({
  session: {
    expiresIn: 60 * 60 * 24 * 7, // 7 days
    updateAge: 60 * 60 * 24, // 1 day
    cookieCache: {
      enabled: true,
      maxAge: 5 * 60, // 5 minutes
    },
  },
  plugins: [
    customSession(async ({ user, session }) => {
      // Custom session logic
      return { user: { ...user }, session };
    }),
    nextCookies(),
  ],
});

// auth.ts
export const auth = betterAuth({
  session: {
    expiresIn: 60 * 60 * 24 * 7, // 7 days
    updateAge: 60 * 60 * 24, // 1 day
    cookieCache: {
      enabled: true,
      maxAge: 5 * 60, // 5 minutes
    },
  },
  plugins: [
    customSession(async ({ user, session }) => {
      // Custom session logic
      return { user: { ...user }, session };
    }),
    nextCookies(),
  ],
});

API Routes:

// app/api/auth/[...all]/route.ts
import { auth } from "@/lib/auth";
import { toNextJsHandler } from "better-auth/next-js";
 
export const { POST, GET } = toNextJsHandler(auth.handler);

// app/api/auth/[...all]/route.ts
import { auth } from "@/lib/auth";
import { toNextJsHandler } from "better-auth/next-js";
 
export const { POST, GET } = toNextJsHandler(auth.handler);

Client:

// auth-client.ts
import { createAuthClient } from "better-auth/react";
import { inferAdditionalFields } from "better-auth/client/plugins";
import { customSessionClient } from "better-auth/client/plugins";
import { auth } from "./auth";

export const authClient = createAuthClient({
  plugins: [
    inferAdditionalFields<typeof auth>(),
    customSessionClient<typeof auth>(),
  ],
  baseURL: "http://localhost:8082",
});

// auth-client.ts
import { createAuthClient } from "better-auth/react";
import { inferAdditionalFields } from "better-auth/client/plugins";
import { customSessionClient } from "better-auth/client/plugins";
import { auth } from "./auth";

export const authClient = createAuthClient({
  plugins: [
    inferAdditionalFields<typeof auth>(),
    customSessionClient<typeof auth>(),
  ],
  baseURL: "http://localhost:8082",
});

Issue Details:
1. When checking

expiresAt

expiresAt

Solution

I discovered that setting

rememberMe: true

rememberMe: true

resolved our session expiration issue. Sessions were only lasting 1 day instead of the configured 7 days.

The current documentation only states:

"rememberMe: If false, the user will be signed out when the browser is closed. (optional) (default: true)"

However, our investigation shows that

rememberMe

rememberMe

has a more significant impact than documented. When

rememberMe

rememberMe

is false (or not explicitly set to true when signing in), it appears to override the

session.expiresIn

session.expiresIn

configuration, limiting session expiration to approximately creationTime + 1 day regardless of the configured 7-day expiration.

I suggest updating the documentation to clarify that:
1. The

rememberMe

rememberMe

parameter affects not just browser-close behavior but also the maximum session duration
2. When

rememberMe

rememberMe

is false, the session expiration is limited regardless of the

session.expiresIn

session.expiresIn

setting
3. To achieve longer sessions as specified in

expiresIn

expiresIn

, clients must explicitly pass

rememberMe: true

rememberMe: true

during authentication

This clarification would help other developers avoid the confusion we experienced.

Thank you for the great Library

Jump to solution

Session Expiration Limited to 1 Day Despite 7-Day Configuration

Session Expiration Limited to 1 Day Despite 7-Day Configuration

Similar Threads

Similar Threads

Similar Threads