Better Auth•3w ago

A Node.js api is used which is not supported in the edge runtime

Using better auth I get this error: $ next build ▲ Next.js 15.3.3 - Environments: .env.local Creating an optimized production build ... ⚠ Compiled with warnings in 1000ms ./node_modules/better-auth/dist/shared/better-auth.DgGir396.mjs A Node.js API is used (process.platform at line: 74) which is not supported in the Edge Runtime. Learn more: https://nextjs.org/docs/api-reference/edge-runtime Import trace for requested module: ./node_modules/better-auth/dist/shared/better-auth.DgGir396.mjs ./node_modules/better-auth/dist/cookies/index.mjs ✓ Compiled successfully in 55s but getCookieCache is designed for the edge runtime so it should be fine to use, no?

API Reference: Edge Runtime | Next.js

API Reference for the Edge Runtime.

11 Replies

michidkOP•3w ago

@Better Auth my middleware: My middleware:

import { getCookieCache } from "better-auth/cookies";
import { type NextRequest, NextResponse } from "next/server";
import { cookiePrefix } from "./lib/auth/config/shared";
import { getLoginUrl } from "./lib/auth/utils";

export async function middleware(request: NextRequest) {
    const { pathname } = request.nextUrl;

    // Liveness probe
    if (pathname === "/healthz") {
        return new Response("OK", { status: 200 });
    }

    // Auth routes are handled by better-auth
    if (pathname.startsWith("/api/auth")) {
        return NextResponse.next();
    }

    const session = await getCookieCache(request, {
        cookiePrefix,
    });
    const isMaybeAuthenticated = !!session;

    if (["/login"].includes(pathname)) {
        return isMaybeAuthenticated
            ? NextResponse.redirect(new URL("/", request.url))
            : NextResponse.next();
    }

    // Redirect to login if not authenticated
    if (!isMaybeAuthenticated) {
        const callbackPath =
            pathname !== "/" && pathname !== "/login"
                ? pathname + request.nextUrl.search
                : undefined;
        const loginUrl = getLoginUrl(request.url, callbackPath);
        return NextResponse.redirect(loginUrl);
    }

    // Allow if authenticated
    return NextResponse.next();
}

export const config = {
    matcher: [
"/((?!api|_next/static|_next/image|favicon.ico|sitemap.xml|robots.txt|background.jpeg).*)",
    ],
};

import { getCookieCache } from "better-auth/cookies";
import { type NextRequest, NextResponse } from "next/server";
import { cookiePrefix } from "./lib/auth/config/shared";
import { getLoginUrl } from "./lib/auth/utils";

export async function middleware(request: NextRequest) {
    const { pathname } = request.nextUrl;

    // Liveness probe
    if (pathname === "/healthz") {
        return new Response("OK", { status: 200 });
    }

    // Auth routes are handled by better-auth
    if (pathname.startsWith("/api/auth")) {
        return NextResponse.next();
    }

    const session = await getCookieCache(request, {
        cookiePrefix,
    });
    const isMaybeAuthenticated = !!session;

    if (["/login"].includes(pathname)) {
        return isMaybeAuthenticated
            ? NextResponse.redirect(new URL("/", request.url))
            : NextResponse.next();
    }

    // Redirect to login if not authenticated
    if (!isMaybeAuthenticated) {
        const callbackPath =
            pathname !== "/" && pathname !== "/login"
                ? pathname + request.nextUrl.search
                : undefined;
        const loginUrl = getLoginUrl(request.url, callbackPath);
        return NextResponse.redirect(loginUrl);
    }

    // Allow if authenticated
    return NextResponse.next();
}

export const config = {
    matcher: [
"/((?!api|_next/static|_next/image|favicon.ico|sitemap.xml|robots.txt|background.jpeg).*)",
    ],
};

Better Auth•3w ago

Hi there! Your middleware implementation looks well structured and follows our recommended pattern of optimistically checking for the session cookie to handle routing without making extra HTTP or database calls [4]. Here are a few key points to keep in mind: 1. By using your custom getCookieCache function with the cookiePrefix from your auth config, you’re ensuring that the middleware checks for the correct cookie. Make sure that this configuration matches the one defined in your Better Auth setup so the cookie is correctly recognized [4], [12]. 2. Your logic for handling different routes is spot on:
- The health check route ("/healthz") is excluded from authentication, which keeps your liveness probe lightweight.
- API routes ("/api/auth") bypass this check, ensuring that auth-handling within your API remains uninterrupted.
- For non-auth routes, you redirect unauthenticated users to the login page using a callback if needed—this is a best practice to provide a smooth user experience [4]. 3. One important reminder is that while getCookieCache (or getSessionCookie in our docs) offers an efficient way to check for a session cookie, it does not perform full session validation. For any critical or protected actions, ensure that you verify the session data on the server side separately, as outlined in our security recommendations [4]. Your middleware is concise and aligns well with our documentation’s guidance. If you need further optimization or run into any issues, feel free to ask!

GitHub

better-auth/better-auth

The most comprehensive authentication framework for TypeScript - better-auth/better-auth

Better Auth•3w ago

Sources: [4] Next.js integration | Better Auth [12] Update middleware docs to use cookies for protected routes

Next.js integration | Better Auth

Integrate Better Auth with Next.js.

GitHub

Update middleware docs to use cookies for protected routes · Issue...

Describe the solution you'd like According to Next.js head of developer relations (https://www.youtube.com/watch?si=_rgPzz8PHodJpQjO&t=682&v=N_sUsq_y10U&feature=youtu.be) it is agai...

michidkOP•3w ago

@Better Auth why do I get this error then? $ next build ▲ Next.js 15.3.3
Environments: .env.local Creating an optimized production build ... ⚠ Compiled with warnings in 1000ms ./node_modules/better-auth/dist/shared/better-auth.DgGir396.mjs A Node.js API is used (process.platform at line: 74) which is not supported in the Edge Runtime. Learn more: https://nextjs.org/docs/api-reference/edge-runtime Import trace for requested module: ./node_modules/better-auth/dist/shared/better-auth.DgGir396.mjs ./node_modules/better-auth/dist/cookies/index.mjs ✓ Compiled successfully in 55s

API Reference: Edge Runtime | Next.js

API Reference for the Edge Runtime.

Better Auth•3w ago

Hi there! This error appears because a Better Auth module (the shared cookies helper) is using a Node.js API—in this case, accessing process.platform—which isn’t available in the Edge Runtime. Next.js’ Edge Runtime restricts certain Node.js APIs, so if you’re running Better Auth code on an edge-enabled route or middleware, it triggers this warning [4][10]. To resolve this, you can adjust your configuration so that your Better Auth endpoints run using the Node.js runtime instead of the Edge Runtime. You might do this by configuring your Next.js API routes or middleware to use the Node.js runtime explicitly. Let me know if you need further details on how to set that up! Sources: [4] Error: The edge runtime does not support Node.js 'crypto' module [10] Middleware.ts - Error: The edge runtime does not support Node.js 'crypto' module.

GitHub

Error: The edge runtime does not support Node.js 'crypto' module ·...

Is this suited for github? Yes, this is suited for github To Reproduce What I did: I create new next js app to try out better auth I follow the installation guide here I install mongo db adapter gu...

GitHub

Middleware.ts - Error: The edge runtime does not support Node.js 'c...

Is this suited for github? Yes, this is suited for github To Reproduce Is it not possible to use auth in next middleware? middleware.ts import { NextResponse, NextRequest } from 'next/server&#3...

michidkOP•3w ago

@Better Auth but isn't getCookieCache compatible with the edge runtime?

Better Auth•3w ago

Currently, getCookieCache isn’t fully supported in edge runtimes. While Better Auth’s cookie methods work well on traditional Node.js servers, functions like getCookieCache (and related ones such as getSessionCookie) have been known to return null or behave unexpectedly when running in edge environments (as noted with similar issues in Next.js Edge Runtime [3]). This happens largely because edge environments lack some Node.js standard modules (e.g., crypto) and handle cookie decoding a bit differently [1], [8]. If you plan to deploy on an edge runtime, you might need to consider alternate cookie handling approaches or check for upcoming releases that improve compatibility. Sources: [1] getCookieCache returns null [3] getSessionCookie Returns null in Next.js 15.2 Edge Runtime [8] The edge runtime does not support Node.js 'crypto' module.

GitHub

better-auth/better-auth

The most comprehensive authentication framework for TypeScript - better-auth/better-auth

GitHub

better-auth/better-auth

The most comprehensive authentication framework for TypeScript - better-auth/better-auth

GitHub

better-auth/better-auth

The most comprehensive authentication framework for TypeScript - better-auth/better-auth

GitHub

getCookieCache returns null · Issue #2941 · better-auth/better-auth

Is this suited for github? Yes, this is suited for github To Reproduce Enable cookieCache session: { cookieCache: { enabled: true, maxAge: 5 * 60, } } Try to access the cookie session value from th...

GitHub

getSessionCookie Returns null in Next.js 15.2 Edge Runtime · Issue...

Is this suited for github? Yes, this is suited for github To Reproduce Set up a Next.js 15.2.1 project with better-auth version 1.2.3. Implement the middleware.ts as follows: import { NextRequest,...

michidkOP•3w ago

@Better Auth what is the best alternative cookie handling? give me example code

Better Auth•3w ago

Here's an example of how you can override Better Auth’s default cookie handling by specifying custom cookie options. This allows you to control attributes like the cookie name, domain, security flags, and more. For instance, if you need to scope your session cookie to a particular domain or use a custom prefix, you can do so as follows [2]:

import { betterAuth } from "better-auth";

export const auth = betterAuth({
  advanced: {
    // Change the cookie prefix to "my-app" instead of the default "better-auth"
    cookiePrefix: "my-app",
    cookies: {
      // Override the default session token cookie
      session_token: {
        // Set a custom cookie name (e.g., including the domain to scope it)
        name: "example.com.my-app.session_token",
        attributes: {
          httpOnly: true,
          secure: process.env.NODE_ENV === "production",
          // You can set other attributes such as sameSite, domain, etc.
          sameSite: "lax",
          // For cross-subdomain support, you might even enable crossSubDomainCookies in your config
          // domain: "example.com",
          path: "/",
        },
      },
      // You can override additional cookies if necessary
      session_data: {
        name: "example.com.my-app.session_data",
        attributes: {
          httpOnly: true,
          secure: process.env.NODE_ENV === "production",
          sameSite: "lax",
          path: "/",
        },
      },
    },
    // Optionally, you can use built-in crossSubDomainCookies configuration
    crossSubDomainCookies: {
      enabled: true,
      domain: "example.com",
    },
  },
});

import { betterAuth } from "better-auth";

export const auth = betterAuth({
  advanced: {
    // Change the cookie prefix to "my-app" instead of the default "better-auth"
    cookiePrefix: "my-app",
    cookies: {
      // Override the default session token cookie
      session_token: {
        // Set a custom cookie name (e.g., including the domain to scope it)
        name: "example.com.my-app.session_token",
        attributes: {
          httpOnly: true,
          secure: process.env.NODE_ENV === "production",
          // You can set other attributes such as sameSite, domain, etc.
          sameSite: "lax",
          // For cross-subdomain support, you might even enable crossSubDomainCookies in your config
          // domain: "example.com",
          path: "/",
        },
      },
      // You can override additional cookies if necessary
      session_data: {
        name: "example.com.my-app.session_data",
        attributes: {
          httpOnly: true,
          secure: process.env.NODE_ENV === "production",
          sameSite: "lax",
          path: "/",
        },
      },
    },
    // Optionally, you can use built-in crossSubDomainCookies configuration
    crossSubDomainCookies: {
      enabled: true,
      domain: "example.com",
    },
  },
});

In this example, we're specifying a custom cookie prefix as well as custom names and attributes for the session cookies. This approach gives you full control and is considered best practice when you need

Better Auth•3w ago

to manage multiple environments or restrict cookie exposure [2]. Sources: [2] Cookies | Better Auth

Cookies | Better Auth

Learn how cookies are used in Better Auth.

michidkOP•3w ago

created https://github.com/better-auth/better-auth/issues/5120

GitHub

Docs recommend getCookieCache(), which is not compatible with Nex...

Is this suited for github? Yes, this is suited for github To Reproduce Implement the middleware mentioned here: https://www.better-auth.com/docs/integrations/next#middleware import { getCookieCache...

Gaming

Programming

A Node.js api is used which is not supported in the edge runtime

Did you find this page helpful?