BA
Better Auth2mo ago
ilya

Session expires in 5 minutes. Regardless of 1 year settings. Two Set-Cookie headers

Hey, I have this setting for the session: 
  session: {
    modelName: 'auth_session',
    expiresIn: 60 * 60 * 24 * 365, // 1 year - very long session
    updateAge: 60 * 60 * 24 * 30, // Update session every 30 days
    freshAge: 0, // Disable freshness check for maximum flexibility
    cookieCache: {
      enabled: true,
      maxAge: 5 * 60, // Cache duration in seconds (5 minutes)
    },
  },

...

  advanced: {
    crossSubDomainCookies: {
      enabled: true,
      domain:
        process.env.IS_RUNNING_LOCAL === 'yes'
          ? 'localhost'
          : '.mywebsite.com',
    },
    defaultCookieAttributes: {
      sameSite: 'none',
      secure: true,
      partitioned: false,
    },
  },
  trustedOrigins: [
    'myapp://', // native app
    'https://localhost:5173',
    '*.mydomain.com',
    '*.netlify.app',
    '*.ngrok-free.app',
  ],
  session: {
    modelName: 'auth_session',
    expiresIn: 60 * 60 * 24 * 365, // 1 year - very long session
    updateAge: 60 * 60 * 24 * 30, // Update session every 30 days
    freshAge: 0, // Disable freshness check for maximum flexibility
    cookieCache: {
      enabled: true,
      maxAge: 5 * 60, // Cache duration in seconds (5 minutes)
    },
  },

...

  advanced: {
    crossSubDomainCookies: {
      enabled: true,
      domain:
        process.env.IS_RUNNING_LOCAL === 'yes'
          ? 'localhost'
          : '.mywebsite.com',
    },
    defaultCookieAttributes: {
      sameSite: 'none',
      secure: true,
      partitioned: false,
    },
  },
  trustedOrigins: [
    'myapp://', // native app
    'https://localhost:5173',
    '*.mydomain.com',
    '*.netlify.app',
    '*.ngrok-free.app',
  ],
But my users are reporting to be logged out after 5 minutes. I've noticed that when I get cookie via email-otp, it has two Set-Cookie headers that look like that better-auth.session_token=; Max-Age=31536000; Domain=.mydomain.com; Path=/; HttpOnly; Secure; SameSite=NoneI set-cookie better-auth.session_data=; Max-Age=300; Domain=.mydomain.com; Path=/; HttpOnly; Secure; SameSite=None As you can see the one cookie Max-Age is really long, and the second is just 300 seconds. Several questions: 1. Why there are two cookies? 2. How do I fix that? I want a max age for my cookies session
6 Replies
ilya
ilyaOP2mo ago
Also here is my get-session response 
{
    "session": {
        "expiresAt": "2026-07-21T19:44:47.111Z",
        "token": "***",
        "createdAt": "2025-07-21T19:44:47.111Z",
        "updatedAt": "2025-07-21T19:44:47.111Z",
        "ipAddress": "108.34.229.33",
        "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36",
        "userId": "65e8d10e056987bc69abdf75",
        "id": "pGmCpwaPJI2BcbrGxi5XSaUXN1JDiSuh"
    },
    "user": {
        "name": "Ilya",
        "email": "ilya@mything.com",
        "emailVerified": true,
        "image": "https://ik.cdn.io/thrive/lz4at0aW0W_1558DD3D-7185-433C-BE61-DD229552D.jpg",
        "createdAt": "2024-03-06T20:24:48.164Z",
        "updatedAt": "2024-03-06T20:24:48.163Z",
        "userId": "65e8d10e056987bc69abdf75",
        "subscriptionStatus": "premium",
        "id": "65e8d10e056987bc69abdf75"
    }
}
{
    "session": {
        "expiresAt": "2026-07-21T19:44:47.111Z",
        "token": "***",
        "createdAt": "2025-07-21T19:44:47.111Z",
        "updatedAt": "2025-07-21T19:44:47.111Z",
        "ipAddress": "108.34.229.33",
        "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36",
        "userId": "65e8d10e056987bc69abdf75",
        "id": "pGmCpwaPJI2BcbrGxi5XSaUXN1JDiSuh"
    },
    "user": {
        "name": "Ilya",
        "email": "ilya@mything.com",
        "emailVerified": true,
        "image": "https://ik.cdn.io/thrive/lz4at0aW0W_1558DD3D-7185-433C-BE61-DD229552D.jpg",
        "createdAt": "2024-03-06T20:24:48.164Z",
        "updatedAt": "2024-03-06T20:24:48.163Z",
        "userId": "65e8d10e056987bc69abdf75",
        "subscriptionStatus": "premium",
        "id": "65e8d10e056987bc69abdf75"
    }
}
It seems like the session is expired as soon as it's created
Vlad
Vlad2mo ago
You have two cookies because you've enabled cookie cache
Vlad
Vlad2mo ago
Vlad
Vlad2mo ago
If a session expires in exact 5 minutes, the issue might be related to cookie cache. Try disabling it and see
ilya
ilyaOP2mo ago
It solved the problem, but is it an expected behavior?
Andre
Andre2mo ago
+1, this is an unexpected behavior with cookie cache

Did you find this page helpful?