Better AuthBA
Better Auth3mo ago
BilalZ

`auth.api.getSession` returns null when headers from `auth.api.signInEmail` passed to it

I am trying to build a provisioning where I (SaaS provider) provisions an org and a user for a customer.



I want to use better-auth-extended/app-invite (https://www.npmjs.com/package/@better-auth-extended/app-invite) for provisioning the user however that was not working after some debugging I found out that the session is being returned as null

here is a code snippet currently testing with plain node then I will port it to an express route

    console.log('signin..');
    const { headers: userHeaders, response: userRes } =
        await auth.api.signInEmail({
            body: {
                email: process.env.USER_EMAIL!,
                password: process.env.USER_PASS!,
            },
            //asResponse: true, // returns a response object instead of data
            returnHeaders: true,
        });

    console.log(userRes);
    console.log(userHeaders);

    const session = await auth.api.getSession({
        headers: userHeaders,
    });

    console.log(session);


here is what is logged:
signin..
{
  redirect: false,
  token: 'K8ww01CdJkuhmfOx0MPcpIYDR092DyD1',
  url: undefined,
  user: {
    id: 'ozEBptFmCPQ5FOSorkXw7eBJVQGPBtm9',
    email: 'appdev@cloudjunction.cloud',
    name: 'CloudJunction',
    image: null,
    emailVerified: true,
    createdAt: 2025-10-13T10:36:31.156Z,
    updatedAt: 2025-10-13T10:36:31.156Z
  }
}
Headers {
  'set-cookie': 'agentjunction.session_token=K8ww01CdJkuhmfOx0MPcpIYDR092DyD1.KkD%2FUib4xp7whrhkt6s8xyXULzXT46QbV3cBvqpEPw0%3D; Max-Age=604800; Path=/; HttpOnly; SameSite=Lax'
}
null


userHeaders does have a value that I am passing to auth.api.getSession and I have confirmed the session table in the db has a row with the token same as shown
yet still unable to get session
Solution
i solved it by looking at the signInWithTestUser in test-utils https://github.com/better-auth/better-auth/blob/bcfd3c335cbbcee620499adca6592d86e8f4d933/packages/better-auth/src/test-utils/test-instance.ts#L236-L239

rather than passing userHeaders I changed it to

    const headers = new Headers();
    const cookies = parseSetCookieHeader(userHeaders.get('set-cookie') || '');
    const signedCookie = cookies.get('better-auth.session_token')?.value;
    headers.set('cookie', `b.session_token=${signedCookie}`);
    const session = await auth.api.getSession({
        headers,
         query: { disableCookieCache: true },
     });


this is because better-call's createInternalContext gets the cookie from the cookie header not set-cookie header

const requestCookies = requestHeaders?.get("cookie");


https://github.com/Bekacru/better-call/blob/638acd821f03cdb7016b3e4784092eef42b4cbbc/src/context.ts#L199
GitHub
better-call/src/context.ts at 638acd821f03cdb7016b3e4784092eef42b4c...
a tiny web framework for typescript. Contribute to Bekacru/better-call development by creating an account on GitHub.
GitHub
better-auth/packages/better-auth/src/test-utils/test-instance.ts at...
The most comprehensive authentication framework for TypeScript - better-auth/better-auth
Jump to solution
Was this page helpful?