ChowderCrab
Better Auth
Created by ChowderCrab on 2/18/2025 in #help
Is there a preferred way to periodically refresh the cookie cache?
I was actually able to vastly simplify my solution when I determined that I can pass my "setCookie" function (from TanStack Start) into the getSession call server-side. The Better Auth code will now use that to update cookies for me. So now all I do is:
```ts
import { getWebRequest, setCookie } from "@tanstack/start/server";

// ... later in code ...
const request = getWebRequest();
if (!request) {
  throw new Error("No request found");
}

// Passing setCookie in the context lets getSession update cookies on the response.
const ctx = { headers: request.headers, setCookie };
const session = await auth.api.getSession(ctx);
```
For Next.js, setting cookies is handled differently, so I'm not sure if you'll find a way to do this easily. Even if you wrapped the Next.js cookie setting code in a setCookie function that matches the expected signature, I think there may be a problem since cookies are (I think recently) async in Next.js.
7 replies
Better Auth
Created by ChowderCrab on 2/18/2025 in #help
Is there a preferred way to periodically refresh the cookie cache?
Hey, I'm not quite ready to share yet since there are some security implications I'm trying to sort out. I'll come back if I work through those!
7 replies
Better Auth
Created by ChowderCrab on 2/18/2025 in #help
Is there a preferred way to periodically refresh the cookie cache?
UPDATE: Improved further. I looked at the Better Auth code and implemented setCookieCache on my server. That removes the extra cookie I was making and the 10 second check on the client. Now, any time I find the cookie cache missing on the server I recreate it and set the cookie in the response. That means the only time I ever hit the database for the session is the first request after the cookie cache expires, which is exactly how I'd like it to work.
7 replies
Better Auth
Created by ChowderCrab on 2/18/2025 in #help
Is there a preferred way to periodically refresh the cookie cache?
I could save some of the extra work if I can get a new value for the cookie cache directly from BetterAuth and set it in the server function. That way rather than setting a "cache-expired" cookie and manually refetching from the client, I'd just refresh the cookie cache on the server as we do with the primary session token. Maybe there's already a way to do this?
7 replies
Better Auth
Created by ChowderCrab on 2/18/2025 in #help
Is there a preferred way to periodically refresh the cookie cache?
EDIT: this isn't the latest. See below.

I came up with something that works okay, although I'm still interested in what others might think or if there's a simpler solution. What I did:

1. In my server function that checks auth I'm already checking headers on essentially every request. I added a check to see if the cookie cache is present ("better-auth.session_data"). If it's not (i.e., it's expired), then I set a cookie (not HTTP Only) called "cache-expired=true".
2. In my logged-in layout, I have one query set up with React Query to call authClient.getSession. This is set to a longer time like 15 minutes, and will redirect to log-in if the session is ever null (expired). Before returning it sets the cookie "cache-expired=false" to reset things.
3. I have a separate React Query that runs every 10 seconds and all it does is check document.cookie to see if "cache-expired=true". If found, it'll invalidate the "session" query, causing it to refetch immediately and set the cookie cache.

This setup will not refetch the session as soon as the cookie cache has expired. However, as soon as the user does pretty much anything in the app we'll set the "cache-expired" cookie and then the client will refresh the cookie cache within 10 seconds.

This seems like a decent setup that minimizes unnecessary get-session calls from the client. If the user isn't actively using the app then the session will only be fetched client-side once every 15 minutes (I might even make this longer), which lets me send them to sign-in if the session expires. However, if they are actively using the app and the cookie cache expires, we'll get it reset within 10 seconds of the user's last action.
7 replies
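The three-step signalling scheme from the post above, sketched as an added example that is not ChowderCrab's code and not part of Better Auth. Only the two cookie names come from the post; the function names, the cookie attributes (Path, SameSite, Secure) and the sample cookie strings are assumptions made for illustration. The readable cookie carries only a boolean flag, never session data.

```javascript
const CACHE_COOKIE = "better-auth.session_data"; // cookie cache name quoted in the post
const SIGNAL_COOKIE = "cache-expired";           // signal cookie name quoted in the post
const ATTRS = "Path=/; SameSite=Lax; Secure";    // assumed attributes; note: no HttpOnly

// Parse a Cookie header (or document.cookie) into a Map of exact name -> value.
function parseCookies(header) {
  const jar = new Map();
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue; // skip malformed pairs
    const name = part.slice(0, eq).trim();
    if (name) jar.set(name, part.slice(eq + 1).trim());
  }
  return jar;
}

// Step 1 (server): Set-Cookie value to send when the cookie cache is absent
// from the request, or null when the cache is still present.
function signalHeaderFor(cookieHeader) {
  if (parseCookies(cookieHeader).has(CACHE_COOKIE)) return null;
  return `${SIGNAL_COOKIE}=true; ${ATTRS}`;
}

// Step 2 (client): string to assign to document.cookie after getSession returns.
function resetSignalCookie() {
  return `${SIGNAL_COOKIE}=false; ${ATTRS}`;
}

// Step 3 (client, polled): true when the session query should be invalidated.
// Matching on the exact cookie name avoids substring hits such as "x-cache-expired".
function shouldRefetchSession(documentCookie) {
  return parseCookies(documentCookie).get(SIGNAL_COOKIE) === "true";
}

// Constructed sample inputs (values are placeholders, not real tokens).
const SAMPLE_WITH_CACHE =
  "better-auth.session_token=PLACEHOLDER; better-auth.session_data=PLACEHOLDER=";
const SAMPLE_CACHE_EXPIRED = "better-auth.session_token=PLACEHOLDER";
```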