docs: cookies

2025-12-10 12:27:44 +00:00 · 2024-09-29 22:47:07 +03:00
parent cfa347f896
commit a60c911fcd
4 changed files with 81 additions and 2 deletions
--- a/docs/components/sidebar-content.tsx
+++ b/docs/components/sidebar-content.tsx
@@ -133,6 +133,23 @@ export const contents: Content[] = [
 					</svg>
 				),
 			},
+			{
+				title: "Cookies",
+				href: "/docs/concepts/cookies",
+				icon: () => (
+					<svg
+						xmlns="http://www.w3.org/2000/svg"
+						width="1.2em"
+						height=".21em"
+						viewBox="0 0 16 16"
+					>
+						<path
+							fill="currentColor"
+							d="M8 1a7 7 0 1 0 6.926 5.978a.5.5 0 0 0-.781-.338a2 2 0 0 1-3.111-1.273a.5.5 0 0 0-.401-.4A2 2 0 0 1 9.36 1.854a.5.5 0 0 0-.338-.78A7 7 0 0 0 8 1m0 7.75a.75.75 0 1 1 0-1.5a.75.75 0 0 1 0 1.5m-2 2a.75.75 0 1 1-1.5 0a.75.75 0 0 1 1.5 0M4.75 7a.75.75 0 1 1 0-1.5a.75.75 0 0 1 0 1.5m5.75 4.25a.75.75 0 1 1-1.5 0a.75.75 0 0 1 1.5 0"
+						></path>
+					</svg>
+				),
+			},
 			{
 				title: "Database",
 				icon: (props?: SVGProps<any>) => (
--- a/docs/content/docs/concepts/cookies.mdx
+++ b/docs/content/docs/concepts/cookies.mdx
@@ -0,0 +1,55 @@
+---
+title: Cookies
+description: Learn how cookies are used in BetterAuth
+---
+
+Cookies are used to store data such as session tokens, CSRF tokens, and more. All cookies are signed using the `secret` key provided in the auth options.
+
+Core better auth cookies like `session` and `csrf` will follow `betterauth.${cookie_name}` format. 
+
+All cookies are `httpOnly` and `secure` if the server is running in production mode. 
+
+### Cross Subdomain Cookies
+
+By default, cookies aren't shared across subdomains. You can enable cross subdomain cookies by setting `crossSubDomainCookies.enabled` to `true` in the `advanced` object in the auth options.
+
+```ts title="auth.ts"
+import { betterAuth } from "better-auth"
+
+export const auth = await betterAuth({
+    adavaned: {
+        crossSubDomainCookies: {
+            enabled: true,
+            domain: "example.com" // Optional. Defaults to the base url domain
+        }
+    }
+})
+```
+
+### Disable CSRF Cookie (Not Recommended)
+
+If you want to disable the CSRF cookie, you can set `disableCsrfCheck` to `true` in the `advanced` object in the auth options.
+
+```ts title="auth.ts"
+import { betterAuth } from "better-auth"
+
+export const auth = await betterAuth({
+    adavaned: {
+        disableCsrfCheck: true
+    }
+})
+```
+
+### Secure Cookies
+
+By default, cookies are secure if the server is running in production mode. You can force cookies to be secure by setting `useSecureCookies` to `true` in the `advanced` object in the auth options.
+
+```ts title="auth.ts"
+import { betterAuth } from "better-auth"
+
+export const auth = await betterAuth({
+    adavaned: {
+        useSecureCookies: true
+    }
+})
+```
--- a/docs/content/docs/concepts/database.mdx
+++ b/docs/content/docs/concepts/database.mdx
@@ -99,12 +99,12 @@ Better auth requires the following tables to be present in the database. The typ
      description: "User's email address for communication and login" 
    },
    { 
-      name: "created_at", 
+      name: "createdAt", 
      type: "Date", 
      description: "Timestamp of when the user account was created" 
    },
    { 
-      name: "updated_at", 
+      name: "updatedAt", 
      type: "Date",
      description: "Timestamp of the last update to the user's information" 
    },
--- a/packages/better-auth/src/types/options.ts
+++ b/packages/better-auth/src/types/options.ts
@@ -268,6 +268,13 @@ export interface BetterAuthOptions {
 			 * cookies will be shared across subdomains
 			 */
 			eligibleCookies?: string[];
+			/**
+			 * The domain to use for the cookies
+			 *
+			 * By default, the domain will be the root
+			 * domain from the base URL.
+			 */
+			domain?: string;
 		};
 	};
 	logger?: {