BA
Better Auth3mo ago
Shady M.D

How to set cookie in Express?

I am trying to use the better-auth api methods, I followed the docs and I did everything that was mentioned, but everytime I try to sign-in or sign-up, I find that the cookies are missing, I will share with you the code I have in case I made a mistake and I am not conscious of it: 
// handlers.ts
import type { Response } from "express";
import type { SignInRequest, SignUpRequest } from "./request-types";
import { auth } from "@/lib/auth";
import { APIError } from "better-auth/api";
import { setCookieToHeader } from "better-auth/cookies";
import { fromNodeHeaders } from "better-auth/node";
export const signIn = async (req: SignInRequest, res: Response) => {
  try {
    const { university_email, password } = req.body;
    const response = await auth.api.signInEmail({
      headers: fromNodeHeaders(req.headers),
      asResponse: true,
      returnHeaders: true,
      body: {
        email: university_email,
        password: password,
      }
    });

    setCookieToHeader(response.headers); // I just added this in hope it works
    res.status(response.status).json(response.body);
  } catch (error) {
    if (error instanceof APIError) {
      console.error("Sign-in error:", error.body);
      res.status(error.statusCode).json({ message: error.body?.message || "An error occurred during sign-in." });
      return;
    }
    console.error("Unexpected sign-in error:", error);
    res.status(500).json({ message: "An internal server error occurred." });
  }
}

// index.ts
import express from "express";
import cookieParser from "cookie-parser";
import cors from "cors";
import authRouter from "@/services/auth/routes"
import config from "@/config/config";

const authApp = express();
authApp.use(cookieParser());
authApp.use(express.urlencoded({ extended: true }));

authApp.use(
  cors({
    origin: config.server.corsOrigins,
    methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
    credentials: true,
  })
);

authApp.use("/api/auth", authRouter);

export { authApp };
// handlers.ts
import type { Response } from "express";
import type { SignInRequest, SignUpRequest } from "./request-types";
import { auth } from "@/lib/auth";
import { APIError } from "better-auth/api";
import { setCookieToHeader } from "better-auth/cookies";
import { fromNodeHeaders } from "better-auth/node";
export const signIn = async (req: SignInRequest, res: Response) => {
  try {
    const { university_email, password } = req.body;
    const response = await auth.api.signInEmail({
      headers: fromNodeHeaders(req.headers),
      asResponse: true,
      returnHeaders: true,
      body: {
        email: university_email,
        password: password,
      }
    });

    setCookieToHeader(response.headers); // I just added this in hope it works
    res.status(response.status).json(response.body);
  } catch (error) {
    if (error instanceof APIError) {
      console.error("Sign-in error:", error.body);
      res.status(error.statusCode).json({ message: error.body?.message || "An error occurred during sign-in." });
      return;
    }
    console.error("Unexpected sign-in error:", error);
    res.status(500).json({ message: "An internal server error occurred." });
  }
}

// index.ts
import express from "express";
import cookieParser from "cookie-parser";
import cors from "cors";
import authRouter from "@/services/auth/routes"
import config from "@/config/config";

const authApp = express();
authApp.use(cookieParser());
authApp.use(express.urlencoded({ extended: true }));

authApp.use(
  cors({
    origin: config.server.corsOrigins,
    methods: ["GET", "POST", "PUT", "DELETE", "OPTIONS"],
    credentials: true,
  })
);

authApp.use("/api/auth", authRouter);

export { authApp };
2 Replies
BuffaloBills
BuffaloBills2mo ago
Running into the same issue where cookies are being set on client, did you find any solution @Shady M.D
Shady M.D
Shady M.DOP2mo ago
Here you go bro, these are the handlers I made to make things work, but I didn't call the endpoints by default provided by better-auth like in the docs, instead I literally used the methods directly, you'll understand better if you see the code.

handlers.txt

Did you find this page helpful?