LukeParke/better-auth
1
0
Fork 0
mirror of https://github.com/LukeHagar/better-auth.git synced 2025-12-07 20:37:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: default to 1 day for session freshness

Browse Source
This commit is contained in:
Bereket Engida
2024-12-23 15:43:36 +03:00
parent a9b7c74c61
commit 59c1e5a48a
5 changed files with 38 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
demo/nextjs/components/sign-in.tsx
View File

@@ -272,9 +272,12 @@ export default function SignIn() {
onClick={async () => { onClick={async () => {
await signIn.passkey({ await signIn.passkey({
fetchOptions: { fetchOptions: {
onResponse(context) { onSuccess(context) {
router.push("/dashboard"); router.push("/dashboard");
}, },
onError(context) {
toast.error(context.error.message);
},
}, },
}); });
}} }}

3
demo/nextjs/lib/auth.ts
View File

@@ -43,6 +43,9 @@ export const auth = betterAuth({
dialect, dialect,
type: "sqlite", type: "sqlite",
}, },
session: {
freshAge: 0,
},
emailVerification: { emailVerification: {
async sendVerificationEmail({ user, url }) { async sendVerificationEmail({ user, url }) {
const res = await resend.emails.send({ const res = await resend.emails.send({

29
docs/content/docs/concepts/session-management.mdx
View File

@@ -33,6 +33,35 @@ export const auth = betterAuth({
}) })
``` ```
## Session Freshness
Some endpoints in Better Auth require the session to be **fresh**. A session is considered fresh if its `createdAt` is within the `freshAge` limit. By default, the `freshAge` is set to **1 day** (60 * 60 * 24).
You can customize the `freshAge` value by passing a `session` object in the `auth` configuration:
```ts title="auth.ts"
import { betterAuth } from "better-auth"
export const auth = betterAuth({
//... other config options
session: {
freshAge: 60 * 5 // 5 minutes (the session is fresh if created within the last 5 minutes)
}
})
```
To **disable the freshness check**, set `freshAge` to `0`:
```ts title="auth.ts"
import { betterAuth } from "better-auth"
export const auth = betterAuth({
//... other config options
session: {
freshAge: 0 // Disable freshness check
}
})
```
## Session Management ## Session Management
Better Auth provides a set of functions to manage sessions. Better Auth provides a set of functions to manage sessions.

2
docs/content/docs/concepts/users-accounts.mdx
View File

@@ -184,7 +184,7 @@ await authClient.deleteUser({
The user must have a `fresh` session token, meaning the user must have signed in recently. This is checked if the password is not provided. The user must have a `fresh` session token, meaning the user must have signed in recently. This is checked if the password is not provided.
<Callout type="warn"> <Callout type="warn">
If `session.freshAge` is set to `0`, this requirement is effectively bypassed. By default `session.freshAge` is set to `60 * 60 * 24` (1 day). You can change this value by passing the `session` object to the `auth` configuration. If it is set to `0`, the freshness check is disabled.
</Callout> </Callout>
```ts title="delete-user.ts" ```ts title="delete-user.ts"

2
packages/better-auth/src/init.ts
View File

@@ -102,7 +102,7 @@ export const init = async (options: BetterAuthOptions) => {
expiresIn: options.session?.expiresIn || 60 * 60 * 24 * 7, // 7 days expiresIn: options.session?.expiresIn || 60 * 60 * 24 * 7, // 7 days
freshAge: freshAge:
options.session?.freshAge === undefined options.session?.freshAge === undefined
? 5 * 60 ? 60 * 60 * 24 // 24 hours
: options.session.freshAge, : options.session.freshAge,
}, },
secret, secret,