[Admin Plugin] Session not updated when user is updated

I'm using secondary storage, and when I make any type of user update through admin plugin, session is not updated. I was trying to use authClient.admin.setRole(), but noticed session isn't updated at all after this or any other update. Is that a bug?

NullOP•5/21/25, 2:34 AM

NullOP•5/21/25, 2:36 AM

Could you help me with this @Ping ?

NullOP•5/21/25, 2:40 AM

Okay, I see, it happens because

updateUser

updateUser

has this line:

/**
* Update the session cookie with the new user data
*/
await setSessionCookie(ctx, {
    session: session.session,
    user,
});

/**
* Update the session cookie with the new user data
*/
await setSessionCookie(ctx, {
    session: session.session,
    user,
});

I think at least activeSessionsactiveSessions should be updated in this case, I understand why it might not be a good default, but adding an optional setting for this would be really helpful.

Ping•5/21/25, 12:33 PM

Why would session need to update?

PPing Why would session need to update?

FalconiZzare•5/21/25, 8:17 PM

He is probably getting Name from session?

PPing Why would session need to update?

NullOP•5/21/25, 9:05 PM

Permission checks are done using user at the session, so if session isn't updated, user would need to logout to have role updated.

NullOP•5/21/25, 9:08 PM

From userHasPermission code:

const user = session?.user ||
((await ctx.context.internalAdapter.findUserById(
    ctx.body.userId as string,
)) as { role?: string; id: string }) ||
(ctx.body.role ? { id: "", role: ctx.body.role } : null);

const user = session?.user ||
((await ctx.context.internalAdapter.findUserById(
    ctx.body.userId as string,
)) as { role?: string; id: string }) ||
(ctx.body.role ? { id: "", role: ctx.body.role } : null);

NullOP•5/21/25, 9:09 PM

Also, I think would be dangerous to keep sessions with an old role saved/active.

NNull I'm using secondary storage, and when I make any type of user update through adm...

NullOP•5/23/25, 9:47 PM

@bekacru do you think that could be included in better-auth? If so, please tell me so I can work on making a PR changing this.

const user = session?.user || ((await ctx.context.internalAdapter.findUserById( ctx.body.userId as string, )) as { role?: string; id: string }) || (ctx.body.role ? { id: "", role: ctx.body.role } : null);

[Admin Plugin] Session not updated when user is updated

Similar Threads

Similar Threads

Similar Threads