mirror of
https://github.com/LukeHagar/better-auth.git
synced 2025-12-10 12:27:44 +00:00
feat: session and user management docs
This commit is contained in:
Bereket Engida
81
docs/content/docs/concepts/session-management.mdx
Normal file
81
docs/content/docs/concepts/session-management.mdx
Normal file
@@ -0,0 +1,81 @@
|
||||
---
|
||||
title: Session Management
|
||||
description: Better Auth Session Management
|
||||
---
|
||||
|
||||
Better auth manages session using a traditional cookie-based session management. The session is stored in a cookie and is sent to the server on every request. The server then verifies the session and returns the user data if the session is valid.
|
||||
|
||||
## Session table
|
||||
|
||||
The session table stores the session data. The session table has the following fields:
|
||||
|
||||
- `id`: The session id. Which is also used as the session cookie.
|
||||
- `userId`: The user id of the user.
|
||||
- `expiresAt`: The expiration date of the session.
|
||||
- `ipAddress`: The IP address of the user.
|
||||
- `userAgent`: The user agent of the user. It stores the user agent header from the request.
|
||||
|
||||
## Session Expiration
|
||||
|
||||
The session expires after 7 days by default. But whenever the session is used, and the `updateAge` is reached the session expiration is updated to the current time plus the `expiresIn` value.
|
||||
|
||||
You can change both the `expiresIn` and `updateAge` values by passing the `session` object to the `auth` configuration.
|
||||
|
||||
```ts title="auth.ts"
|
||||
import { betterAuth } from "better-auth"
|
||||
|
||||
export const auth = await betterAuth({
|
||||
//... other config options
|
||||
session: {
|
||||
expiresIn: 1000 * 60 * 60 * 24 * 7 // 7 days,
|
||||
updateAge: 1000 * 60 * 60 * 24 // 1 day (every 1 day the session expiration is updated)
|
||||
}
|
||||
})
|
||||
```
|
||||
|
||||
## Session Management
|
||||
|
||||
Better Auth provides a set of functions to manage sessions.
|
||||
|
||||
### List Sessions
|
||||
|
||||
The `listSessions` function returns a list of sessions that are active for the user.
|
||||
|
||||
```ts title="client.ts"
|
||||
import { client } from "@/lib/client"
|
||||
|
||||
const sessions = await client.user.listSessions()
|
||||
```
|
||||
|
||||
### Revoke Session
|
||||
|
||||
When a user signs out of a device, the session is automatically ended. However, you can also end a session manually from any device the user is signed into.
|
||||
|
||||
To end a session, use the `revokeSession` function. Just pass the session ID as a parameter.
|
||||
|
||||
```ts title="client.ts"
|
||||
await client.user.revokeSession({
|
||||
id: session.id,
|
||||
})
|
||||
```
|
||||
|
||||
### Revoke All Sessions
|
||||
|
||||
To revoke all sessions, you can use the `revokeSessions` function.
|
||||
|
||||
```ts title="client.ts"
|
||||
await client.user.revokeSessions()
|
||||
```
|
||||
|
||||
### Revoking Sessions on Password Change
|
||||
|
||||
You can revoke all sessions when the user changes their password by passing `revokeOtherSessions` true on `changePAssword` function.
|
||||
|
||||
```ts title="auth.ts"
|
||||
await user.changePassword({
|
||||
newPassword: newPassword,
|
||||
currentPassword: currentPassword,
|
||||
revokeOtherSessions: signOutDevices,
|
||||
})
|
||||
```
|
||||
|
||||
44
docs/content/docs/concepts/user-management.mdx
Normal file
44
docs/content/docs/concepts/user-management.mdx
Normal file
@@ -0,0 +1,44 @@
|
||||
---
|
||||
title: User Management
|
||||
description: User management concepts
|
||||
---
|
||||
|
||||
Beyond authenticating users, Better auth also provides a set of functions to manage users. This includes, updating user information, changing passwords, and more.
|
||||
|
||||
## User table
|
||||
|
||||
The user table stores the user data. The user table has the following fields:
|
||||
|
||||
- `id`: The user id.
|
||||
- `email`: The email of the user.
|
||||
- `name`: The name of the user.
|
||||
- `image`: The image of the user.
|
||||
- `createdAt`: The creation date of the user.
|
||||
- `updatedAt`: The last update date of the user.
|
||||
|
||||
The user table can be extended by plugins to store additional data. When a plugin extends a user table it's infered by the type system and can be used in the client.
|
||||
|
||||
## Update User
|
||||
|
||||
### Update User Information
|
||||
|
||||
To update user information, you can use the `updateUser` function provided by the client. The `updateUser` function takes an object with the following properties:
|
||||
|
||||
```ts
|
||||
await user.update({
|
||||
image: "https://example.com/image.jpg",
|
||||
name: "John Doe",
|
||||
})
|
||||
```
|
||||
|
||||
### Change Password
|
||||
|
||||
Password of a user isn't stored in the user table. Instead, it's stored in the account table. To change the password of a user, you can use the `changePassword` function provided by the client. The `changePassword` function takes an object with the following properties:
|
||||
|
||||
```ts
|
||||
await user.changePassword({
|
||||
newPassword: "newPassword123",
|
||||
currentPassword: "oldPassword123",
|
||||
revokeOtherSessions: true, // revoke all other sessions the user is signed into
|
||||
});
|
||||
```
|
||||
Reference in New Issue
Block a user