Better Auth•4mo ago
RME

Session cookie not being created

As title states, I can login using the api fine. The sessions are created in the database. However, no cookies are being made and thus the sessions always result in null. I tried experimenting with subdomain cookies where the behaviour first started, but now I can't get the cookies to create at all anymore in any browser. I don't have anything special in the auth object:
import { betterAuth } from "better-auth";
import { admin, organization } from "better-auth/plugins";
import { drizzleAdapter } from "better-auth/adapters/drizzle";
import { db } from "~/lib/database/db.server";
import { env } from "~/lib/env.server";
import * as schema from "~/lib/database/schema";

console.log(process.env.BASE_URL, env.APP_SUB_DOMAIN, env.PUBLIC_ROOT_DOMAIN);

export const auth = betterAuth({
  baseURL: process.env.BASE_URL, // http://localhost:5173
  secret: env.BETTER_AUTH_SECRET,
  database: drizzleAdapter(db, {
    provider: env.DB_TYPE.toLowerCase() as "pg" | "mysql" | "sqlite", // sqlite
    schema: schema,
  }),
  emailAndPassword: {
    enabled: true,
    autoSignIn: true,
    requireEmailVerification: false,
    sendResetPassword: async ({ user, url, token }) => {
      if (process.env.NODE_ENV === "development") {
        console.log("Send email to reset password");
        console.log(user, url, token);
      } else {
        // Send email
      }
    },
  },
  user: {
    deleteUser: {
      enabled: true,
    },
  },
  plugins: [admin(), organization()],
});
And I'm quite stumped. It worked for a second, I don't think I changed anything and now it refuses to do anything cookie related. EDIT: forgot to mention this is in development on localhost
26 Replies
gem•4mo ago
I also have the same problem, it only sets a session using client side "signIn" function
RME (OP)•4mo ago
Any chance it is intended considering the cookie is client side? Seems pretty unintuitive to me not gonna lie. But I'm not a very proficient programmer
gem•4mo ago
someone replied to the post that i made
gem•4mo ago
okay i found the solution you just need to follow this https://www.better-auth.com/docs/concepts/api
gem•4mo ago
for returning the session and getting the session, for example:
const { headers } = await auth.api.signInEmail({
  returnHeaders: true,
  body: {
    email,
    password,
  },
  asResponse: true,
})
return {
  status: "success",
  Response: redirect("/dashboard", {
    headers,
  }),
}
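Added example, not part of the thread and not Better Auth's own code: it shows why a server-side sign-in creates the session row but no browser cookie unless the `Set-Cookie` headers are copied onto the response the action returns. `fakeSignInResponse` is a hypothetical stand-in for `auth.api.signInEmail` called with `asResponse: true`; the helper names and cookie values are constructed.

```javascript
// Stand-in for `await auth.api.signInEmail({ body, asResponse: true })`.
// Cookie names and values below are constructed sample data.
function fakeSignInResponse() {
  const headers = new Headers({ "content-type": "application/json" });
  headers.append("set-cookie", "example.session_token=abc123; Path=/; HttpOnly; SameSite=Lax");
  headers.append("set-cookie", "example.session_data=xyz789; Path=/; HttpOnly; SameSite=Lax");
  return new Response(JSON.stringify({ user: { id: "u1" } }), { status: 200, headers });
}

// Return each Set-Cookie value on its own; cookies must not be comma-joined.
function readSetCookies(headers) {
  if (typeof headers.getSetCookie === "function") return headers.getSetCookie();
  const joined = headers.get("set-cookie"); // older runtimes: best effort only
  return joined ? [joined] : [];
}

// Failing pattern: the session row exists server-side, but the response that
// reaches the browser has no Set-Cookie, so later session lookups return null.
function redirectWithoutCookies(_authResponse, location) {
  return new Response(null, { status: 302, headers: { location } });
}

// Working pattern: copy only the Set-Cookie headers onto the redirect.
// Other headers (content-type, content-length) describe the JSON body and
// are deliberately not forwarded. A failed sign-in forwards nothing.
function redirectWithSessionCookies(authResponse, location, failureLocation = "/login") {
  if (!authResponse.ok) {
    return new Response(null, { status: 302, headers: { location: failureLocation } });
  }
  const headers = new Headers({ location });
  for (const cookie of readSetCookies(authResponse.headers)) {
    headers.append("set-cookie", cookie);
  }
  return new Response(null, { status: 302, headers });
}

const broken = redirectWithoutCookies(fakeSignInResponse(), "/dashboard");
const fixed = redirectWithSessionCookies(fakeSignInResponse(), "/dashboard");
console.log("without forwarding:", readSetCookies(broken.headers));
console.log("with forwarding:   ", readSetCookies(fixed.headers));
```

When debugging the real app, the same check is the Network tab: the response to the sign-in form post must itself carry `Set-Cookie`.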
RME (OP)•4mo ago
you're a life saver! thank you so much!
dolarshop•4mo ago
Was your issue after logging in the cookie isn't being sent to the browser? I'm having that issue right now. It was working but it stopped issuing out the cookie after signing in with email & password
RME (OP)•4mo ago
yes, only using the server side api though. did you change crossSubDomain?
dolarshop•4mo ago
i redacted some information but here's my setup
dolarshop•4mo ago
should i remove the crossSubDomain? Yeah, my server is independent. I have a frontend and mobile that communicates to it.
RME (OP)•4mo ago
so from what I've gathered in my own setup the crossSubDomain instantly causes the cookie to fail to be set. Really unsure why, whether it's a bug or whether I'm misunderstanding how crossSubDomain cookies work
dolarshop•4mo ago
I've literally tried everything haha it's driving me mad. So your setup is fixed?
RME (OP)•4mo ago
without cross sub domain hahaha, currently I have two allowed origins and base url is set to be my app domain. but it causes two different sessions to be possible. what i haven't tried yet is crossSubDomain set to false and passing domain: '.example.com'
dolarshop•4mo ago
I just fixed it! hahaha including the crossSubDomain
dolarshop•4mo ago
Not sure what you're using as a server but im using hono so i needed to amount then in the better auth config, i had to add basePath so '/api/v1/auth' and it worked
RME (OP)•4mo ago
Glad! I'm using RRv7/Remix fullstack. My cross sub domain cookies don't work period so it's most likely user error haha
dolarshop•4mo ago
ahhh got it! lol i spent too long on this
RME (OP)•4mo ago
This is my setup in case anyone smarter can figure it out. tried everything basically
RME (OP)•4mo ago
tbf maybe it just doesn't work on localhost
dolarshop•4mo ago
What does your sign in code look like? Also have you tried to do the bare minimum config to see if it works?
RME (OP)•4mo ago
Both of these actions work fine when crossSubDomain is disabled, and instantly fail to set the cookie when it is enabled. Even with minimum config.
gem•4mo ago
you don't need to use the authClient signIn email because you are already using the server side authentication. the clientAction whole purpose now is the error handling using client components (e.g. toasts) on the client side you should use the serverAction() from remix/rr7 that will execute/ping the server-side action function
RME (OP)•4mo ago
I know! I tried out authClient to see if that would fix the issue with crossSubDomain cookies not working. Both work fine in their own way, but I read in #general that the authClient can do rate limiting on its own while with the api you need to do it manually? Regardless, both work fine. I just sent both of them here to show that for both the crossSubDomain cookies aren't working
gem•4mo ago
oh okay, mb I can't read lol. does it really do rate limiting? when using authClient? can you forward here so that i can take a look also. 🙂
RME (OP)•4mo ago
This is the message I saw yday, not sure if it's applicable to rrv7 but I'd assume so. but error handling in client side imo is not as great, though that's most likely just a skill issue on my part
gem•4mo ago
It's not just you; if you're used to server-side error handling, you'll hate error handling on the client side.
