[Admin Plugin] Session not updated when user is updated

I'm using secondary storage, and when I make any type of user update through the admin plugin, the session is not updated. I was trying to use authClient.admin.setRole(), but noticed the session isn't updated at all after this or any other update. Is that a bug?
4 Replies
Null (OP) · 2w ago
Related to https://discord.com/channels/1288403910284935179/1367653484496683169
Could you help me with this, @Ping?
Okay, I see, it happens because updateUser has this line:
    /**
     * Update the session cookie with the new user data
     */
    await setSessionCookie(ctx, {
        session: session.session,
        user,
    });
I think at least activeSessions should be updated in this case. I understand why it might not be a good default, but adding an optional setting for this would be really helpful.
Ping · 2w ago
Why would the session need to update?
FalconiZzare · 2w ago
He is probably getting Name from session?
Null (OP) · 2w ago
Permission checks are done using the user in the session, so if the session isn't updated, the user would need to log out to have the role updated. From the userHasPermission code:
    const user = session?.user ||
        ((await ctx.context.internalAdapter.findUserById(
            ctx.body.userId as string,
        )) as { role?: string; id: string }) ||
        (ctx.body.role ? { id: "", role: ctx.body.role } : null);
Also, I think it would be dangerous to keep sessions with an old role saved/active. @bekacru do you think that could be included in better-auth? If so, please tell me so I can work on making a PR changing this.
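
The stale-role behaviour discussed in this thread, modelled as an added example that is not part of the thread and is not better-auth code: a permission check that trusts the user snapshot cached with the session keeps passing after a database-only role change, until the cached sessions are refreshed or revoked. All names here (`userTable`, `sessionCache`, `setRoleAndRefresh`, `setRoleAndRevoke`, and the rest) are hypothetical, and the two in-memory objects stand in for the database and the secondary storage.

```typescript
// Hypothetical model, NOT better-auth code: every name and shape is an assumption.
type UserRecord = { id: string; role: string };
type CachedSession = { token: string; user: UserRecord }; // user snapshot kept with the session

const userTable: Record<string, UserRecord> = {};       // stands in for the primary database
const sessionCache: Record<string, CachedSession> = {}; // stands in for secondary storage

function signIn(userId: string, token: string): void {
  // The session stores a copy of the user as it was at sign-in.
  sessionCache[token] = { token, user: { ...userTable[userId] } };
}

// Permission check that trusts the cached snapshot, like `session?.user` in the thread.
function isAdmin(token: string): boolean {
  const s = sessionCache[token];
  return s !== undefined && s.user.role === "admin";
}

function tokensOf(userId: string): string[] {
  return Object.keys(sessionCache).filter((t) => sessionCache[t].user.id === userId);
}

// Role change that only writes the database: cached sessions keep the old role.
function setRoleDbOnly(userId: string, role: string): void {
  userTable[userId] = { id: userId, role };
}

// Mitigation A: rewrite the snapshot in every active session of that user.
function setRoleAndRefresh(userId: string, role: string): number {
  setRoleDbOnly(userId, role);
  const tokens = tokensOf(userId);
  tokens.forEach((t) => { sessionCache[t] = { token: t, user: { ...userTable[userId] } }; });
  return tokens.length; // number of sessions refreshed
}

// Mitigation B: revoke the sessions so the next request has to sign in again.
function setRoleAndRevoke(userId: string, role: string): number {
  setRoleDbOnly(userId, role);
  const tokens = tokensOf(userId);
  tokens.forEach((t) => { delete sessionCache[t]; });
  return tokens.length; // number of sessions revoked
}

// Constructed scenario: an admin with two sessions is demoted to "user".
function demo() {
  userTable["u1"] = { id: "u1", role: "admin" };
  signIn("u1", "tok-a");
  signIn("u1", "tok-b");
  setRoleDbOnly("u1", "user");
  const staleAfterDbOnly = isAdmin("tok-a"); // demoted user still passes the check
  const refreshed = setRoleAndRefresh("u1", "user");
  const afterRefresh = isAdmin("tok-a");
  const revoked = setRoleAndRevoke("u1", "user");
  return { staleAfterDbOnly, refreshed, afterRefresh, revoked, afterRevoke: isAdmin("tok-b") };
}
```

Refreshing keeps the user signed in with the new role, while revoking forces a fresh sign-in; either way the old role stops being honoured at the moment of the change rather than at logout.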
