3 replies

`auth.api.getSession` returns null when headers from `auth.api.signInEmail` passed to it

I am trying to build a provisioning where I (SaaS provider) provisions an org and a user for a customer.

I want to use

better-auth-extended/app-invite

better-auth-extended/app-invite

(https://www.npmjs.com/package/@better-auth-extended/app-invite) for provisioning the user however that was not working after some debugging I found out that the session is being returned as null

here is a code snippet currently testing with plain node then I will port it to an express route

    console.log('signin..');
    const { headers: userHeaders, response: userRes } =
        await auth.api.signInEmail({
            body: {
                email: process.env.USER_EMAIL!,
                password: process.env.USER_PASS!,
            },
            //asResponse: true, // returns a response object instead of data
            returnHeaders: true,
        });

    console.log(userRes);
    console.log(userHeaders);

    const session = await auth.api.getSession({
        headers: userHeaders,
    });

    console.log(session);

    console.log('signin..');
    const { headers: userHeaders, response: userRes } =
        await auth.api.signInEmail({
            body: {
                email: process.env.USER_EMAIL!,
                password: process.env.USER_PASS!,
            },
            //asResponse: true, // returns a response object instead of data
            returnHeaders: true,
        });

    console.log(userRes);
    console.log(userHeaders);

    const session = await auth.api.getSession({
        headers: userHeaders,
    });

    console.log(session);

here is what is logged:

signin..
{
  redirect: false,
  token: 'K8ww01CdJkuhmfOx0MPcpIYDR092DyD1',
  url: undefined,
  user: {
    id: 'ozEBptFmCPQ5FOSorkXw7eBJVQGPBtm9',
    email: 'appdev@cloudjunction.cloud',
    name: 'CloudJunction',
    image: null,
    emailVerified: true,
    createdAt: 2025-10-13T10:36:31.156Z,
    updatedAt: 2025-10-13T10:36:31.156Z
  }
}
Headers {
  'set-cookie': 'agentjunction.session_token=K8ww01CdJkuhmfOx0MPcpIYDR092DyD1.KkD%2FUib4xp7whrhkt6s8xyXULzXT46QbV3cBvqpEPw0%3D; Max-Age=604800; Path=/; HttpOnly; SameSite=Lax'
}
null

signin..
{
  redirect: false,
  token: 'K8ww01CdJkuhmfOx0MPcpIYDR092DyD1',
  url: undefined,
  user: {
    id: 'ozEBptFmCPQ5FOSorkXw7eBJVQGPBtm9',
    email: 'appdev@cloudjunction.cloud',
    name: 'CloudJunction',
    image: null,
    emailVerified: true,
    createdAt: 2025-10-13T10:36:31.156Z,
    updatedAt: 2025-10-13T10:36:31.156Z
  }
}
Headers {
  'set-cookie': 'agentjunction.session_token=K8ww01CdJkuhmfOx0MPcpIYDR092DyD1.KkD%2FUib4xp7whrhkt6s8xyXULzXT46QbV3cBvqpEPw0%3D; Max-Age=604800; Path=/; HttpOnly; SameSite=Lax'
}
null

userHeaders

userHeaders

does have a value that I am passing to

auth.api.getSession

auth.api.getSession

and I have confirmed the session table in the db has a row with the token same as shown
yet still unable to get session

Solution

i solved it by looking at the

signInWithTestUser

signInWithTestUser

in test-utils https://github.com/better-auth/better-auth/blob/bcfd3c335cbbcee620499adca6592d86e8f4d933/packages/better-auth/src/test-utils/test-instance.ts#L236-L239

rather than passing

userHeaders

userHeaders

I changed it to

    const headers = new Headers();
    const cookies = parseSetCookieHeader(userHeaders.get('set-cookie') || '');
    const signedCookie = cookies.get('better-auth.session_token')?.value;
    headers.set('cookie', `b.session_token=${signedCookie}`);
    const session = await auth.api.getSession({
        headers,
         query: { disableCookieCache: true },
     });

    const headers = new Headers();
    const cookies = parseSetCookieHeader(userHeaders.get('set-cookie') || '');
    const signedCookie = cookies.get('better-auth.session_token')?.value;
    headers.set('cookie', `b.session_token=${signedCookie}`);
    const session = await auth.api.getSession({
        headers,
         query: { disableCookieCache: true },
     });

this is because

better-call

better-call

createInternalContext

createInternalContext

gets the cookie from the

cookie

cookie

header not

set-cookie

set-cookie

header

const requestCookies = requestHeaders?.get("cookie");

const requestCookies = requestHeaders?.get("cookie");

https://github.com/Bekacru/better-call/blob/638acd821f03cdb7016b3e4784092eef42b4cbbc/src/context.ts#L199

GitHub

better-call/src/context.ts at 638acd821f03cdb7016b3e4784092eef42b4c...

a tiny web framework for typescript. Contribute to Bekacru/better-call development by creating an account on GitHub.

GitHub

better-auth/packages/better-auth/src/test-utils/test-instance.ts at...

The most comprehensive authentication framework for TypeScript - better-auth/better-auth

Jump to solution

`auth.api.getSession` returns null when headers from `auth.api.signInEmail` passed to it

I am trying to build a provisioning where I (SaaS provider) provisions an org and a user for a customer.

I want to use

better-auth-extended/app-invite

better-auth-extended/app-invite

    console.log('signin..');
    const { headers: userHeaders, response: userRes } =
        await auth.api.signInEmail({
            body: {
                email: process.env.USER_EMAIL!,
                password: process.env.USER_PASS!,
            },
            //asResponse: true, // returns a response object instead of data
            returnHeaders: true,
        });

    console.log(userRes);
    console.log(userHeaders);

    const session = await auth.api.getSession({
        headers: userHeaders,
    });

    console.log(session);

    console.log('signin..');
    const { headers: userHeaders, response: userRes } =
        await auth.api.signInEmail({
            body: {
                email: process.env.USER_EMAIL!,
                password: process.env.USER_PASS!,
            },
            //asResponse: true, // returns a response object instead of data
            returnHeaders: true,
        });

    console.log(userRes);
    console.log(userHeaders);

    const session = await auth.api.getSession({
        headers: userHeaders,
    });

    console.log(session);

here is what is logged:

signin..
{
  redirect: false,
  token: 'K8ww01CdJkuhmfOx0MPcpIYDR092DyD1',
  url: undefined,
  user: {
    id: 'ozEBptFmCPQ5FOSorkXw7eBJVQGPBtm9',
    email: 'appdev@cloudjunction.cloud',
    name: 'CloudJunction',
    image: null,
    emailVerified: true,
    createdAt: 2025-10-13T10:36:31.156Z,
    updatedAt: 2025-10-13T10:36:31.156Z
  }
}
Headers {
  'set-cookie': 'agentjunction.session_token=K8ww01CdJkuhmfOx0MPcpIYDR092DyD1.KkD%2FUib4xp7whrhkt6s8xyXULzXT46QbV3cBvqpEPw0%3D; Max-Age=604800; Path=/; HttpOnly; SameSite=Lax'
}
null

signin..
{
  redirect: false,
  token: 'K8ww01CdJkuhmfOx0MPcpIYDR092DyD1',
  url: undefined,
  user: {
    id: 'ozEBptFmCPQ5FOSorkXw7eBJVQGPBtm9',
    email: 'appdev@cloudjunction.cloud',
    name: 'CloudJunction',
    image: null,
    emailVerified: true,
    createdAt: 2025-10-13T10:36:31.156Z,
    updatedAt: 2025-10-13T10:36:31.156Z
  }
}
Headers {
  'set-cookie': 'agentjunction.session_token=K8ww01CdJkuhmfOx0MPcpIYDR092DyD1.KkD%2FUib4xp7whrhkt6s8xyXULzXT46QbV3cBvqpEPw0%3D; Max-Age=604800; Path=/; HttpOnly; SameSite=Lax'
}
null

userHeaders

userHeaders

does have a value that I am passing to

auth.api.getSession

auth.api.getSession

and I have confirmed the session table in the db has a row with the token same as shown
yet still unable to get session

Solution

i solved it by looking at the

signInWithTestUser

signInWithTestUser

in test-utils https://github.com/better-auth/better-auth/blob/bcfd3c335cbbcee620499adca6592d86e8f4d933/packages/better-auth/src/test-utils/test-instance.ts#L236-L239

rather than passing

userHeaders

userHeaders

I changed it to

    const headers = new Headers();
    const cookies = parseSetCookieHeader(userHeaders.get('set-cookie') || '');
    const signedCookie = cookies.get('better-auth.session_token')?.value;
    headers.set('cookie', `b.session_token=${signedCookie}`);
    const session = await auth.api.getSession({
        headers,
         query: { disableCookieCache: true },
     });

    const headers = new Headers();
    const cookies = parseSetCookieHeader(userHeaders.get('set-cookie') || '');
    const signedCookie = cookies.get('better-auth.session_token')?.value;
    headers.set('cookie', `b.session_token=${signedCookie}`);
    const session = await auth.api.getSession({
        headers,
         query: { disableCookieCache: true },
     });

this is because

better-call

better-call

createInternalContext

createInternalContext

gets the cookie from the

cookie

cookie

header not

set-cookie

set-cookie

header

const requestCookies = requestHeaders?.get("cookie");

const requestCookies = requestHeaders?.get("cookie");

https://github.com/Bekacru/better-call/blob/638acd821f03cdb7016b3e4784092eef42b4cbbc/src/context.ts#L199

GitHub

better-call/src/context.ts at 638acd821f03cdb7016b3e4784092eef42b4c...

a tiny web framework for typescript. Contribute to Bekacru/better-call development by creating an account on GitHub.

GitHub

better-auth/packages/better-auth/src/test-utils/test-instance.ts at...

The most comprehensive authentication framework for TypeScript - better-auth/better-auth

Jump to solution

`auth.api.getSession` returns null when headers from `auth.api.signInEmail` passed to it

`auth.api.getSession` returns null when headers from `auth.api.signInEmail` passed to it

Similar Threads

Similar Threads

Similar Threads