From 59c1e5a48a4f65a07bd45da407eed322f87d89e7 Mon Sep 17 00:00:00 2001
From: Bereket Engida
Date: Mon, 23 Dec 2024 15:43:36 +0300
Subject: [PATCH] fix: default to 1 day for session freshness
---
 demo/nextjs/components/sign-in.tsx | 5 +++-
 demo/nextjs/lib/auth.ts | 3 ++
 .../docs/concepts/session-management.mdx | 29 +++++++++++++++++++
 docs/content/docs/concepts/users-accounts.mdx | 2 +-
 packages/better-auth/src/init.ts | 2 +-
 5 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/demo/nextjs/components/sign-in.tsx b/demo/nextjs/components/sign-in.tsx
index ba28090d..052a6bfb 100644
--- a/demo/nextjs/components/sign-in.tsx
+++ b/demo/nextjs/components/sign-in.tsx
@@ -272,9 +272,12 @@ export default function SignIn() {
 onClick={async () => {
 await signIn.passkey({
 fetchOptions: {
- onResponse(context) {
+ onSuccess(context) {
 router.push("/dashboard");
 },
+ onError(context) {
+ toast.error(context.error.message);
+ },
 },
 });
 }}
diff --git a/demo/nextjs/lib/auth.ts b/demo/nextjs/lib/auth.ts
index ead2ce01..4010681f 100644
--- a/demo/nextjs/lib/auth.ts
+++ b/demo/nextjs/lib/auth.ts
@@ -43,6 +43,9 @@ export const auth = betterAuth({
 dialect,
 type: "sqlite",
 },
+ session: {
+ freshAge: 0,
+ },
 emailVerification: {
 async sendVerificationEmail({ user, url }) {
 const res = await resend.emails.send({
diff --git a/docs/content/docs/concepts/session-management.mdx b/docs/content/docs/concepts/session-management.mdx
index c6177083..414f69cc 100644
--- a/docs/content/docs/concepts/session-management.mdx
+++ b/docs/content/docs/concepts/session-management.mdx
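Review bot: In demo/nextjs/components/sign-in.tsx the new `onError` handler passes `context.error.message` straight to `toast.error`, so the user sees whatever text the server returned, and an empty toast if the message is missing. The visible lines do not show what the passkey endpoint puts in that message, so for a sign-in path a fixed generic string with the detail logged is the safer pattern; at minimum add a fallback, `toast.error(context.error.message || "Passkey sign-in failed")`. The `context` parameter of `onSuccess` is unused and can be dropped. The enclosing `onClick` handler and the component continue outside the hunk.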
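Review bot: In demo/nextjs/lib/auth.ts the added `freshAge: 0` switches the freshness check off entirely, and nothing on the added lines marks this as a demo-only choice. The docs changed in this same patch say a fresh session is what gates user deletion when no password is supplied, so with this setting any unexpired session is enough for that call. Demo configs tend to be copied into real projects, so I would either drop the override and let the demo run on the new 1-day default, or annotate it: `// demo only: 0 disables the fresh-session check on sensitive endpoints`. The `betterAuth({ ... })` call starts and ends outside the hunk.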
@@ -33,6 +33,35 @@ export const auth = betterAuth({ }) ``` +## Session Freshness + +Some endpoints in Better Auth require the session to be **fresh**. A session is considered fresh if its `createdAt` is within the `freshAge` limit. By default, the `freshAge` is set to **1 day** (60 * 60 * 24). + +You can customize the `freshAge` value by passing a `session` object in the `auth` configuration: + +```ts title="auth.ts" +import { betterAuth } from "better-auth" + +export const auth = betterAuth({ + //... other config options + session: { + freshAge: 60 * 5 // 5 minutes (the session is fresh if created within the last 5 minutes) + } +}) +``` + +To **disable the freshness check**, set `freshAge` to `0`: + +```ts title="auth.ts" +import { betterAuth } from "better-auth" + +export const auth = betterAuth({ + //... other config options + session: { + freshAge: 0 // Disable freshness check + } +}) +``` ## Session Management Better Auth provides a set of functions to manage sessions. diff --git a/docs/content/docs/concepts/users-accounts.mdx b/docs/content/docs/concepts/users-accounts.mdx index 0553c557..0b502713 100644 --- a/docs/content/docs/concepts/users-accounts.mdx +++ b/docs/content/docs/concepts/users-accounts.mdx @@ -184,7 +184,7 @@ await authClient.deleteUser({ The user must have a `fresh` session token, meaning the user must have signed in recently. This is checked if the password is not provided. -If `session.freshAge` is set to `0`, this requirement is effectively bypassed. +By default `session.freshAge` is set to `60 * 60 * 24` (1 day). You can change this value by passing the `session` object to the `auth` configuration. If it is set to `0`, the freshness check is disabled. ```ts title="delete-user.ts" diff --git a/packages/better-auth/src/init.ts b/packages/better-auth/src/init.ts index 4c8b5acd..aea78de5 100644 --- a/packages/better-auth/src/init.ts +++ b/packages/better-auth/src/init.ts 
@@ -102,7 +102,7 @@ export const init = async (options: BetterAuthOptions) => {
 expiresIn: options.session?.expiresIn || 60 * 60 * 24 * 7, // 7 days
 freshAge:
 options.session?.freshAge === undefined
- ? 5 * 60
+ ? 60 * 60 * 24 // 24 hours
 : options.session.freshAge,
 },
 secret,
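Review bot: The `freshAge` default now gives every deployment that never set `session.freshAge` a 24-hour fresh-session window instead of 5 minutes, and the only comment on the line is `// 24 hours`, which says nothing about what the value gates. A session token that leaks within a day of sign-in would then still satisfy the freshness requirement on the endpoints that depend on it (the docs in this patch name user deletion without a password). I would state the contract at the default, for example `// seconds after session createdAt during which fresh-only endpoints are allowed; 0 disables the check`, and call out the relaxed default in the release notes so operators who want the old window set `freshAge: 60 * 5` explicitly. Only `undefined` is tested here; whether negative or non-numeric values are rejected elsewhere is not visible in this hunk, and the `init` body continues outside it.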