getSessionCookie() return null is some cases

its confusing for some of us that

getSessionCookie()

getSessionCookie()

is not behaving like we expect for the next reasons:

the function is not respecting the auth options specified in

auth.ts

auth.ts

advanced: {
cookies: {
  session_token: {
    name: "custom_session_token",
  },
},
cookiePrefix: custom_cookie_prefix,
 useSecureCookies: true
}

advanced: {
cookies: {
  session_token: {
    name: "custom_session_token",
  },
},
cookiePrefix: custom_cookie_prefix,
 useSecureCookies: true
}

because if you import the config option it will not be compatible with edge runtime. therefore you should specify the config as the second argument if cookie name or prefix is customized.

  const sessionCookie = getSessionCookie(request, {
      cookiePrefix: custom_cookie_prefix,
              cookieName: custom_cookie_name
  });

  const sessionCookie = getSessionCookie(request, {
      cookiePrefix: custom_cookie_prefix,
              cookieName: custom_cookie_name
  });

in dev mode if you are running your server in

https://

https://

cookies will be secured by default if you don't specify the

useSecureCookies

useSecureCookies

option.

const secure =
  options.advanced?.useSecureCookies !== undefined
      ? options.advanced?.useSecureCookies
      : options.baseURL !== undefined
          ? options.baseURL.startsWith("https://")
              ? true
              : false
          : isProduction;

const secure =
  options.advanced?.useSecureCookies !== undefined
      ? options.advanced?.useSecureCookies
      : options.baseURL !== undefined
          ? options.baseURL.startsWith("https://")
              ? true
              : false
          : isProduction;

and the function is only prefixing the cookie

__secure-

__secure-

in production ignoring the code above

const name = isProduction
      ? `__Secure-${cookiePrefix}.${cookieName}`
      : `${cookiePrefix}.${cookieName}`;

const name = isProduction
      ? `__Secure-${cookiePrefix}.${cookieName}`
      : `${cookiePrefix}.${cookieName}`;

IMHO: It could more clear to explain this in the docs and the function should also check for

request.nextUrl.origin.startsWith("https://"

request.nextUrl.origin.startsWith("https://"

to add the secure prefix.

AhmedOP•3/6/25, 11:10 PM

Temporary fix:

@joseph013318 @Ravi @shadow @keks

AAhmed its confusing for some of us that `getSessionCookie()` is not behaving like we e...

bekacru•3/7/25, 4:14 AM

doesn't have a context about your auth config, since you can't import

auth

auth

in your middleware.

Bbekacru `getSessionCookie` doesn't have a context about your auth config, since you can'...

AhmedOP•3/7/25, 4:48 AM

sure we can’t as i mention above to be edge compatible. i think the best that can be done is to clarify in the docs and also adjust the logic to check for https:// to add the secure prefix, right now if someone is using in development the session cookie is prefixed with
__secure-
__secure-
but the function is only adding the prefix in production rustling in null return

Or maybe we can just add an config option and let the user control it. something like this

AhmedOP•3/7/25, 4:54 AM

@bekacru if you agree i could help with PR

AAhmed sure we can’t as i mention above to be edge compatible. i think the best that ca...

bekacru•3/7/25, 5:11 AM

sure go for it

AAhmed Temporary fix: ```javascript const sessionCookie = getSessionCookie(request,...

joseph013318•3/7/25, 6:02 AM

@Ahmed Does this solves the session null issue? And infinite pending state?

Vinz•3/7/25, 9:11 AM

I have the same problem with getSessionCookie is null.
Also when I check for cookies getAll() in the requests.

But when I do it like in the docs of next.js https://nextjs.org/docs/app/building-your-application/authentication#optimistic-checks-with-middleware-optional

The cookie is then present.

VVinz I have the same problem with getSessionCookie is null. Also when I check for coo...

bekacru•3/7/25, 9:24 AM

better auth doesn't store a cookie called

session

session

unless you change the name of the cookie. For make sure to provide a config for production environment.

Vinz•3/7/25, 9:46 AM

sorry I wrote it wrong, because I just copy pasted it from the next docs.
I had it correct with the default name in my code

Bbekacru better auth doesn't store a cookie called `session` unless you change the name o...

joseph013318•3/7/25, 12:15 PM

Please explain about the config

Jjoseph013318 Please explain about the config

bekacru•3/7/25, 1:17 PM

you can pass prefix and cookie name if you have changed them in your auth config

Bbekacru sure go for it

AhmedOP•3/7/25, 4:54 PM

https://github.com/better-auth/better-auth/pull/1716

GitHub

fix: getSessionCookie function and improve docs. by ahmed-m-abbass ...

Improved the logic in getSessionCookie() to correctly handle secure prefix and added useSecureCookies config.
closes #1487.

Ravi•3/7/25, 10:17 PM

Hi. I migrated away from both getsession() and using auth.api for middleware. Instead I am doing the following:

RRavi Hi. I migrated away from both getsession() and using auth.api for middleware. In...

joseph013318•3/8/25, 3:10 AM

Hey @Ravi does this solve the infinite pending state issue also?

Jjoseph013318 Hey @Ravi does this solve the infinite pending state issue also?

Ravi•3/8/25, 5:25 PM

Sorry, I'm not aware of this issue. What is it?

RRavi Sorry, I'm not aware of this issue. What is it?

joseph013318•3/9/25, 4:40 AM

https://github.com/better-auth/better-auth/issues/1006 This is the issue!

GitHub

`useSession()` not always triggering a state change · Issue #1006 ·...

Is this suited for github? Yes, this is suited for github To Reproduce Sign in with email and password Use useSession() in the following component: export function AuthLayout({ children }: AppLayou...

arth•4/2/25, 1:04 PM

I was trying to use getSessionCookie just now with my middleware and i kept getting null. so i replaced it with this:

arth•4/2/25, 1:04 PM

this works

arth•4/2/25, 1:09 PM

bug-reportsgetSessionCookie does not work in middleware

Aarth I was trying to use getSessionCookie just now with my middleware and i kept gett...

Dawson•4/2/25, 10:43 PM

What a great guy

Dawson•4/2/25, 10:43 PM

I hope your pillow feels cold on both sides tonight man. Have a great day

Brian Cheung•7/2/25, 1:05 AM

by any chance do you all think this is related to this issue that I'm facing?
https://github.com/better-auth/better-auth/issues/2055#issuecomment-3017746698

GitHub

auth.api.getSession returns null in RSC Layout.tsx with valid sessi...

Is this suited for github? Yes, this is suited for github To Reproduce I'm trying to debug why auth.api.getSession will return null, when the session is valid after a query to /api/auth/get-ses...

Brian Cheung•7/2/25, 1:05 AM

(see my comment for the repro)

Brian Cheung•7/2/25, 1:06 AM

the get-session randomly returns null which is super annoyin