getSessionCookie() return null is some cases
its confusing for some of us that
getSessionCookie() is not behaving like we expect for the next reasons:
- the function is not respecting the auth options specified in auth.ts
because if you import the config option it will not be compatible with edge runtime. therefore you should specify the config as the second argument if cookie name or prefix is customized.
- in dev mode if you are running your server in https:// cookies will be secured by default if you don't specify the useSecureCookies option.
and the function is only prefixing the cookie __secure- in production ignoring the code above
IMHO: It could more clear to explain this in the docs and the function should also check for request.nextUrl.origin.startsWith("https://" to add the secure prefix.17 Replies
Temporary fix:
@joseph013318 @Ravi @shadow @keks
getSessionCookie doesn't have a context about your auth config, since you can't import auth in your middleware.sure we can’t as i mention above to be edge compatible. i think the best that can be done is to clarify in the docs and also adjust the logic to check for https:// to add the secure prefix, right now if someone is using
--experimental-https in development the session cookie is prefixed with __secure- but the function is only adding the prefix in production rustling in null return
Or maybe we can just add an config option useSecureCookies: true and let the user control it. something like this
@bekacru if you agree i could help with PRsure go for it
@Ahmed Does this solves the session null issue? And infinite pending state?
I have the same problem with getSessionCookie is null.
Also when I check for cookies getAll() in the requests.
But when I do it like in the docs of next.js https://nextjs.org/docs/app/building-your-application/authentication#optimistic-checks-with-middleware-optional
The cookie is then present.
better auth doesn't store a cookie called
session unless you change the name of the cookie. For getSessionCookie make sure to provide a config for production environment.sorry I wrote it wrong, because I just copy pasted it from the next docs.
I had it correct with the default name in my code
Please explain about the config
you can pass prefix and cookie name if you have changed them in your auth config
GitHub
fix: getSessionCookie function and improve docs. by ahmed-m-abbass ...
Improved the logic in getSessionCookie() to correctly handle secure prefix and added useSecureCookies config.
closes #1487.
Hi. I migrated away from both getsession() and using auth.api for middleware. Instead I am doing the following:
const getSessionUrl = request.nextUrl.origin + "/api/auth/get-session";
const response = await fetch(getSessionUrl, {
headers: {
cookie: request.headers.get("cookie") || "",
disableCookieCache: "true",
},
credentials: "include",
});Hey @Ravi does this solve the infinite pending state issue also?
Sorry, I'm not aware of this issue. What is it?
https://github.com/better-auth/better-auth/issues/1006 This is the issue!
GitHub
useSession() not always triggering a state change · Issue #1006 ·...Is this suited for github? Yes, this is suited for github To Reproduce Sign in with email and password Use useSession() in the following component: export function AuthLayout({ children }: AppLayou...
I was trying to use getSessionCookie just now with my middleware and i kept getting null. so i replaced it with this:
this works
https://discord.com/channels/1288403910284935179/1356978452326252544
What a great guy
I hope your pillow feels cold on both sides tonight man. Have a great day