Better Auth•2w ago

Cookies not setting in turborepo project

Issue: Cookies not setting in turborepo project Hey folks, I'm running into an issue with setting cookies in a turborepo setup. Project structure: * Website A → built with TanStack Start * API → built with Hono * Shared auth package → located in /packages/auth, used by both projects. (look at the attached file) In the Hono API: I'm initializing auth like this:

import { initAuth } from "@acme/auth";

export const auth = initAuth({
  baseApiUrl: env.BASE_API_URL,
  secret: env.BETTER_AUTH_SECRET,
  socialProviders: {
    google: { clientId: env.GOOGLE_CLIENT_ID, clientSecret: env.GOOGLE_CLIENT_SECRET },
    facebook: { clientId: env.FACEBOOK_CLIENT_ID, clientSecret: env.FACEBOOK_CLIENT_SECRET },
    microsoft: { clientId: env.MICROSOFT_CLIENT_ID, clientSecret: env.MICROSOFT_CLIENT_SECRET },
    apple: {
      clientId: env.APPLE_CLIENT_ID,
      clientSecret: env.APPLE_CLIENT_SECRET,
      appBundleIdentifier: env.APPLE_APP_BUNDLE_IDENTIFIER,
    },
  },
});

import { initAuth } from "@acme/auth";

export const auth = initAuth({
  baseApiUrl: env.BASE_API_URL,
  secret: env.BETTER_AUTH_SECRET,
  socialProviders: {
    google: { clientId: env.GOOGLE_CLIENT_ID, clientSecret: env.GOOGLE_CLIENT_SECRET },
    facebook: { clientId: env.FACEBOOK_CLIENT_ID, clientSecret: env.FACEBOOK_CLIENT_SECRET },
    microsoft: { clientId: env.MICROSOFT_CLIENT_ID, clientSecret: env.MICROSOFT_CLIENT_SECRET },
    apple: {
      clientId: env.APPLE_CLIENT_ID,
      clientSecret: env.APPLE_CLIENT_SECRET,
      appBundleIdentifier: env.APPLE_APP_BUNDLE_IDENTIFIER,
    },
  },
});

CORS + route setup:

app.use("/api/auth/*", cors({
  origin: ORIGIN_URLS,
  credentials: true,
  allowHeaders: ["Content-Type", "Authorization"],
  allowMethods: ["POST", "GET", "OPTIONS"],
}));

app.on(["POST", "GET"], "/api/auth/*", (c) => {
  return auth.handler(c.req.raw);
});

app.use("/api/auth/*", cors({
  origin: ORIGIN_URLS,
  credentials: true,
  allowHeaders: ["Content-Type", "Authorization"],
  allowMethods: ["POST", "GET", "OPTIONS"],
}));

app.on(["POST", "GET"], "/api/auth/*", (c) => {
  return auth.handler(c.req.raw);
});

In the TanStack Start website: I’m initializing the client like this:

const authClient = createAuthClient({
  baseURL: BASE_API_URL,
  plugins: [inferAdditionalFields<Auth>(), phoneNumberClient()],
  fetchOptions: {
    referrerPolicy: "no-referrer-when-downgrade",
    credentials: "include", // important for cookies
  },
});

const authClient = createAuthClient({
  baseURL: BASE_API_URL,
  plugins: [inferAdditionalFields<Auth>(), phoneNumberClient()],
  fetchOptions: {
    referrerPolicy: "no-referrer-when-downgrade",
    credentials: "include", // important for cookies
  },
});

Problem: When calling authClient.signIn.email(...), the backend does respond with a Set-Cookie header, but the cookie is not actually set in the browser. As a result, the redirect works visually, but on /dashboard, the user isn't authenticated because there's no session cookie. Extra context: I'm using this on the server side to check the session before each page load:

const getUser = createServerFn({ method: "GET" }).handler(async () => {
  const request = getWebRequest();
  if (!request?.headers) return null;
  const session = await auth.api.getSession({ headers: request.headers });
  return session?.user ?? null;
});

const getUser = createServerFn({ method: "GET" }).handler(async () => {
  const request = getWebRequest();
  if (!request?.headers) return null;
  const session = await auth.api.getSession({ headers: request.headers });
  return session?.user ?? null;
});

Things I've already set: Anyone run into this in a monorepo/turborepo setup? Would appreciate any tips 🙏

auth.ts

0 Replies

No replies yetBe the first to reply to this messageJoin

Gaming

Programming

Cookies not setting in turborepo project

Did you find this page helpful?