What happens if the session freshness check fails ?
What happens if the session freshness check fails ? How do I prompt the user to refresh their session ?
2 Replies
@Better Auth What happens if the session freshness check fails ? And also, how can I prompt the user to refresh their session ?
When Better Auth “checks” session freshness—by comparing how much time has passed since the last refresh (via the configured updateAge)—it will attempt to update the session’s expiration (both in the database and, optionally, in the session cookie). If that refresh fails (for example, due to a misconfigured cookieCache or a network issue preventing the successful call to getSession) then the session remains stale. Over time this means that although the backend may extend the session record, the client’s cookie doesn’t get the renewed expiry and the user will eventually be treated as logged out [8], [19].
To prompt the user to refresh their session proactively, you can implement a client-side mechanism that periodically calls Better Auth’s getSession endpoint. If you notice that the session isn’t updating—say, by checking that the expiration timestamp hasn’t changed—you could display a friendly prompt or automatically trigger actions (like a silent page refresh or a re-authentication flow) so the user revalidates their login. This approach aligns with advanced session management strategies in Better Auth where the focus is on keeping session state current without disrupting the user experience [1], [10].
Sources:
[1] demo (nextjs): Avoid page refresh on session termination
[8] Session cookie maxAge is not refreshed
[10] Session does not refresh everytime when
updateAge is explicitly set to 0
[19] customSession with cookieCache enabled not returning Set-Cookie header for session_tokenGitHub
better-auth/better-auth
The most comprehensive authentication framework for TypeScript - better-auth/better-auth
GitHub
better-auth/better-auth
The most comprehensive authentication framework for TypeScript - better-auth/better-auth
GitHub
better-auth/better-auth
The most comprehensive authentication framework for TypeScript - better-auth/better-auth
GitHub
demo (nextjs): Avoid page refresh on session termination by theinfi...
don't refresh when session from other devices is terminated. Instead, update list of active sessions on success
refresh happens only when current session is terminated to finish log out
De...