How to trigger refresh/update of session if user info changed

I made a plugin to store some custom user info

import type { BetterAuthPlugin } from 'better-auth';

export const userInfoPlugin = () => {
  return {
    id: 'additional_user_info',
    schema: {
      user: {
        fields: {
          is_approved: {
            type: 'boolean',
            defaultValue: false
          },
          super_admin: {
            type: 'boolean',
            defaultValue: false
          }
        }
      }
    }
  } satisfies BetterAuthPlugin;
};

import type { BetterAuthPlugin } from 'better-auth';

export const userInfoPlugin = () => {
  return {
    id: 'additional_user_info',
    schema: {
      user: {
        fields: {
          is_approved: {
            type: 'boolean',
            defaultValue: false
          },
          super_admin: {
            type: 'boolean',
            defaultValue: false
          }
        }
      }
    }
  } satisfies BetterAuthPlugin;
};

My Current session settings are:

session: {
    cookieCache: {
      enabled: true,
      maxAge: COOKIE_CACHE_TIME_MS / 1000
    },
    expiresIn: 60 * 60 * 24 * 20, // 20 days
    updateAge: 60 * 60 * 24 * 1 // 1 day (every 1 day the session expiration is updated)
  }

session: {
    cookieCache: {
      enabled: true,
      maxAge: COOKIE_CACHE_TIME_MS / 1000
    },
    expiresIn: 60 * 60 * 24 * 20, // 20 days
    updateAge: 60 * 60 * 24 * 1 // 1 day (every 1 day the session expiration is updated)
  }

So whenever I update the user data, like approving the user data then the user wont see it reflected until the session token is refreshed after 1 day. Currently the way I am handling it is by revoking all user sessions which is a sloppy approach as it signs out all the users. Note : I am also using Secondary Storage(Redis)

Solution:

finally got it working ```ts endpoints: { approve_user: createAuthEndpoint(...

Jump to solution

8 Replies

shubhattinOP•2mo ago

Is there a better way to handle this

bekacru•2mo ago

you can call getSession with cookie cache disabled

await authClient.getSession({
  query: {
    disableCookieCache: true
  }
})

await authClient.getSession({
  query: {
    disableCookieCache: true
  }
})

this will refetch the session and updates the cache as well

shubhattinOP•2mo ago

But I want to do on behalf of other users. Is that possible If its not then the current I am thinking of it is to have a key in the redis database like user:{id}:should_refresh Looks like I want to have best of both worlds, but that might not be possible without some workaround the above one. What do you think of this approach where we would explicitly set to refresh cookie when instructed to (via a entry redis that expires after a day when set) or is they a better I can't think if right now I implemented this but this is not updating user info

      const session = await authClient.getSession({
        query: {
          disableCookieCache: true
        }
      });
      console.log(session.data?.session);
      console.log(session.data?.user);

      const session = await authClient.getSession({
        query: {
          disableCookieCache: true
        }
      });
      console.log(session.data?.session);
      console.log(session.data?.user);

Is this because of usage of secondary storage which caches it for 1 day

bekacru•2mo ago

If you update the user on the table but not on the secondary storage Better Auth still wouldn't know to refetch from the secondary storage. The above code I suggested was for cookie cache not secondary storage cache. If you can, use the built in updateUser functionality instead which invalidates and update the cache properly

shubhattinOP•2mo ago

Can a admin use updateUser and then will the cache be refreshed (redis). If not then I think that I should listing all the active sessions and update their in the cache as well. Did I get it correctly. This might be the only way forward currently as I can see I saw this on the docs

const updatedUser = await authClient.admin.setRole({
  userId: "user_id_here",
  role: "admin",
});

const updatedUser = await authClient.admin.setRole({
  userId: "user_id_here",
  role: "admin",
});

Looks like in this example we can can update users role. I need to have this for my own plugin too. I also expect that this updates the secondary storage too. This is my simple plugin

import type { BetterAuthPlugin } from 'better-auth';

export const userInfoPlugin = () => {
  return {
    id: 'additional_user_info',
    schema: {
      user: {
        fields: {
          is_approved: {
            type: 'boolean',
            defaultValue: false
          },
          super_admin: {
            type: 'boolean',
            defaultValue: false
          }
        }
      }
    }
  } satisfies BetterAuthPlugin;
};

import type { BetterAuthPlugin } from 'better-auth';

export const userInfoPlugin = () => {
  return {
    id: 'additional_user_info',
    schema: {
      user: {
        fields: {
          is_approved: {
            type: 'boolean',
            defaultValue: false
          },
          super_admin: {
            type: 'boolean',
            defaultValue: false
          }
        }
      }
    }
  } satisfies BetterAuthPlugin;
};

What about this

endpoints: {
      approve_user: createAuthEndpoint(
        '/user_infp_plugin/approve_user',
        {
          method: 'GET'
        },
        async (ctx) => {
          // Make changes to the database and secodary storage
        }
      )
    }

endpoints: {
      approve_user: createAuthEndpoint(
        '/user_infp_plugin/approve_user',
        {
          method: 'GET'
        },
        async (ctx) => {
          // Make changes to the database and secodary storage
        }
      )
    }

shubhattinOP•2mo ago

Seeing it from here. https://github.com/better-auth/better-auth/blob/6b5c48b092b8760cb26701a30469fdce0d25c726/packages/better-auth/src/plugins/admin/admin.ts#L254 Should this work

 endpoints: {
      approve_user: createAuthEndpoint(
        '/approve_user',
        {
          method: 'GET'
        },
        async (ctx) => {
          const updatedUser = await ctx.context.internalAdapter.updateUser(
            ctx.body.userId,
            {
              is_approved: true
            },
            ctx
          );
          return ctx.json({
            user: updatedUser
          });
        }
      )
    }

 endpoints: {
      approve_user: createAuthEndpoint(
        '/approve_user',
        {
          method: 'GET'
        },
        async (ctx) => {
          const updatedUser = await ctx.context.internalAdapter.updateUser(
            ctx.body.userId,
            {
              is_approved: true
            },
            ctx
          );
          return ctx.json({
            user: updatedUser
          });
        }
      )
    }

Will test this out and update you

GitHub

better-auth/packages/better-auth/src/plugins/admin/admin.ts at 6b5c...

The most comprehensive authentication framework for TypeScript - better-auth/better-auth

shubhattinOP•2mo ago

Looks the authClient.admin.setRole is also not updating the cache. In that case I will write the login to do this myself. I need this functionality as currently I have invalidate their sessions (forcing logout). I want to find a better way to do this.

Solution

shubhattin•2mo ago

finally got it working

endpoints: {
      approve_user: createAuthEndpoint(
        '/user_info/approve_user',
        {
          method: 'POST',
          body: z.object({
            userId: z.string()
          })
        },
        async (ctx) => {
          const updatedUser = await ctx.context.internalAdapter.updateUser(
            ctx.body.userId,
            {
              is_approved: true
            },
            ctx
          );

          // invalidating cache
          const { sessions } = await auth.api.listUserSessions({
            body: {
              userId: ctx.body.userId
            },
            headers: {
              Cookie: ctx.request?.headers.get('Cookie') || ''
            }
          });
          await Promise.allSettled(
            sessions.map(async (session, i) => {
              const data = await redis.get<typeof auth.$Infer.Session>(session.token);
              await redis.set(session.token, JSON.stringify({ ...data, user: updatedUser }));
            })
          );

          return ctx.json({
            user: updatedUser
          });
        }
      )
    }

endpoints: {
      approve_user: createAuthEndpoint(
        '/user_info/approve_user',
        {
          method: 'POST',
          body: z.object({
            userId: z.string()
          })
        },
        async (ctx) => {
          const updatedUser = await ctx.context.internalAdapter.updateUser(
            ctx.body.userId,
            {
              is_approved: true
            },
            ctx
          );

          // invalidating cache
          const { sessions } = await auth.api.listUserSessions({
            body: {
              userId: ctx.body.userId
            },
            headers: {
              Cookie: ctx.request?.headers.get('Cookie') || ''
            }
          });
          await Promise.allSettled(
            sessions.map(async (session, i) => {
              const data = await redis.get<typeof auth.$Infer.Session>(session.token);
              await redis.set(session.token, JSON.stringify({ ...data, user: updatedUser }));
            })
          );

          return ctx.json({
            user: updatedUser
          });
        }
      )
    }

Gaming

Programming

How to trigger refresh/update of session if user info changed

Did you find this page helpful?