Ahmed Comments - Answer Overflow

sure we can’t as i mention above to be edge compatible. i think the best that can be done is to clarify in the docs and also adjust the logic to check for https:// to add the secure prefix, right now if someone is using --experimental-https in development the session cookie is prefixed with __secure- but the function is only adding the prefix in production rustling in null return Or maybe we can just add an config option useSecureCookies: true and let the user control it. something like this

export const getSessionCookie = (
    request: Request | Headers,
    config?: {
        cookiePrefix?: string;
        cookieName?: string;
                useSecureCookies: boolean;
    },
) => {
    const headers = request instanceof Headers ? request : request.headers;
    const cookies = headers.get("cookie");
    if (!cookies) {
        return null;
    }
    const { 
            cookieName = "session_token",
            cookiePrefix = "better-auth",
            useSecureCookies = isProduction || request.nextUrl.origin.startsWith("https://") } =
        config || {};
    const name = useSecureCookies 
        ? `__Secure-${cookiePrefix}.${cookieName}`
        : `${cookiePrefix}.${cookieName}`;
    const parsedCookie = parseCookies(cookies);
    const sessionToken = parsedCookie.get(name);
    if (sessionToken) {
        return sessionToken;
    }
    return null;
};

export const getSessionCookie = (
    request: Request | Headers,
    config?: {
        cookiePrefix?: string;
        cookieName?: string;
                useSecureCookies: boolean;
    },
) => {
    const headers = request instanceof Headers ? request : request.headers;
    const cookies = headers.get("cookie");
    if (!cookies) {
        return null;
    }
    const { 
            cookieName = "session_token",
            cookiePrefix = "better-auth",
            useSecureCookies = isProduction || request.nextUrl.origin.startsWith("https://") } =
        config || {};
    const name = useSecureCookies 
        ? `__Secure-${cookiePrefix}.${cookieName}`
        : `${cookiePrefix}.${cookieName}`;
    const parsedCookie = parseCookies(cookies);
    const sessionToken = parsedCookie.get(name);
    if (sessionToken) {
        return sessionToken;
    }
    return null;
};

22 replies

BABetter Auth

•Created by Ahmed on 3/6/2025 in #bug-reports

getSessionCookie() return null is some cases

Temporary fix:

    const sessionCookie = getSessionCookie(request, {
        cookiePrefix:
            process.env.NODE_ENV === "development" &&
            request.nextUrl.origin.startsWith("https://")
                ? `__Secure-${process.env.APP_NAME}`
                : `${process.env.APP_NAME}`,
// just use '__Secure-' : '' if you don't use cookiePrefix
    });

    const sessionCookie = getSessionCookie(request, {
        cookiePrefix:
            process.env.NODE_ENV === "development" &&
            request.nextUrl.origin.startsWith("https://")
                ? `__Secure-${process.env.APP_NAME}`
                : `${process.env.APP_NAME}`,
// just use '__Secure-' : '' if you don't use cookiePrefix
    });

@joseph013318 @Ravi @shadow @keks

22 replies

BABetter Auth

•Created by Ahmed on 11/17/2024 in #bug-reports

authClient.organization.create() error, in latest beta

yup now working, silly me 😒 thank you @bekacru

9 replies

BABetter Auth

•Created by Ahmed on 11/17/2024 in #bug-reports

authClient.organization.create() error, in latest beta

if the user is signed in the email should be inherited from the current user session right ?!

Gaming

Programming