signInEmail isn't properly setting cookies in production? (NextJS 15/Vercel)
Hello, I'm using Vercel to deploy my web app and everything works fine when I'm not working with a production environment or when I don't use 'useSecureCookies'. I believe that when I try to sign in via email, the cookie is not being properly set.
In auth.ts:
I have nextCookies() in my plugins and it's my last one, and I have crossSubdomainCookies activated.
In my client component for login, it's calling a server action signin.ts:
"use server";
import { auth } from "@/auth";
export const signIn = async (email: string, password: string) => {
  console.log("signing in...");
  try {
    const response = await auth.api.signInEmail({
      body: {
        email,
        password,
      },
      asResponse: true, // returns a response object instead of data
    });
    console.log("response from sign in", response);
    if (response.status === 200) {
      return true;
    } else {
      return false;
    }
  } catch (APIError) {
    console.error(APIError);
    throw APIError;
  }
};
In my middleware, I'm fetching the session this way:
console.log("cookies", request.cookies.getAll());
const getSessionUrl = BASE_URL + "/api/auth/get-session";
console.log("getSessionUrl", getSessionUrl);
const session = await fetch(getSessionUrl, {
  headers: {
    cookie: request.headers.get("cookie") || "",
  },
});
When I am in production, the logs show that there are no cookies.
3 Replies
Also, I know I am unauthorized by going on an API route that is protected.
I think I'm running into the same problem! It seems like the response to signing in is only setting the better-auth.session_token cookie, but in production better-auth is expecting __Secure-better-auth.session_token
https://github.com/better-auth/better-auth/blob/main/packages/better-auth/src/cookies/index.ts#L250
Running into the same issue.
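The cookie-name mismatch described in the replies above can be checked directly against the Set-Cookie headers of the sign-in response. This is an added example, not code from the thread or from better-auth: `parseSetCookie` and `diagnoseSessionCookie` are hypothetical helpers, the sample headers are constructed, and it assumes secure-cookie mode expects the `__Secure-` prefixed name, as the reply states.

```typescript
// Added example: hypothetical helpers, not better-auth APIs.
const BASE_NAME = "better-auth.session_token"; // cookie name quoted in the thread
const SECURE_PREFIX = "__Secure-"; // prefix quoted in the thread

type Verdict = "ok" | "not-set" | "name-mismatch" | "rejected-by-browser";

interface ParsedCookie {
  name: string;
  attrs: Set<string>; // lower-cased attribute names, e.g. "secure", "httponly"
}

// Parse one Set-Cookie header value into its cookie name and attribute names.
function parseSetCookie(header: string): ParsedCookie {
  const parts = header.split(";");
  const pair = parts[0] ?? "";
  const eq = pair.indexOf("=");
  const name = (eq === -1 ? pair : pair.slice(0, eq)).trim();
  const attrs = new Set(
    parts.slice(1).map((a) => (a.split("=")[0] ?? "").trim().toLowerCase())
  );
  return { name, attrs };
}

// Assumption (from the reply): with secure cookies on, the server reads the
// __Secure- prefixed name; with them off, it reads the bare name.
function diagnoseSessionCookie(setCookie: string[], useSecureCookies: boolean): Verdict {
  const expected = (useSecureCookies ? SECURE_PREFIX : "") + BASE_NAME;
  const cookies = setCookie.map(parseSetCookie);
  const match = cookies.find((c) => c.name === expected);
  if (!match) {
    // A session cookie exists, but under the name the server will not read.
    const sameBase = cookies.some((c) => c.name.endsWith(BASE_NAME));
    return sameBase ? "name-mismatch" : "not-set";
  }
  // Browsers discard a __Secure- cookie that lacks the Secure attribute.
  if (match.name.startsWith(SECURE_PREFIX) && !match.attrs.has("secure")) {
    return "rejected-by-browser";
  }
  return "ok";
}

// Constructed sample headers (token values are placeholders).
const plainName = ["better-auth.session_token=PLACEHOLDER; Path=/; HttpOnly; SameSite=Lax"];
const prefixed = ["__Secure-better-auth.session_token=PLACEHOLDER; Path=/; HttpOnly; Secure"];
const prefixedNoSecure = ["__Secure-better-auth.session_token=PLACEHOLDER; Path=/; HttpOnly"];

console.log(diagnoseSessionCookie(plainName, true));
console.log(diagnoseSessionCookie(prefixed, true));
console.log(diagnoseSessionCookie(prefixedNoSecure, true));
```

In a server action that calls the sign-in endpoint with `asResponse: true`, the input array can come from `response.headers.getSetCookie()`.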