From ff89e76d3bfaeb5c33f25639bd1312cbee34e25d Mon Sep 17 00:00:00 2001
From: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
Date: Sun, 12 Oct 2025 14:17:44 +1000
Subject: [PATCH] fix(email-otp): email-verification doesn't trigger session
 signal (#5219)

---
 .../src/plugins/email-otp/client.ts           |  6 +++++
 .../src/plugins/email-otp/index.ts            | 23 ++++++++++++++++---
 2 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/packages/better-auth/src/plugins/email-otp/client.ts b/packages/better-auth/src/plugins/email-otp/client.ts
index b8608590..5ecf1ba9 100644
--- a/packages/better-auth/src/plugins/email-otp/client.ts
+++ b/packages/better-auth/src/plugins/email-otp/client.ts
@@ -5,5 +5,11 @@ export const emailOTPClient = () => {
 	return {
 		id: "email-otp",
 		$InferServerPlugin: {} as ReturnType<typeof emailOTP>,
+		atomListeners: [
+			{
+				matcher: (path) => path === "/email-otp/verify-email",
+				signal: "$sessionSignal",
+			},
+		],
 	} satisfies BetterAuthClientPlugin;
 };
diff --git a/packages/better-auth/src/plugins/email-otp/index.ts b/packages/better-auth/src/plugins/email-otp/index.ts
index 9f272bae..b925d845 100644
--- a/packages/better-auth/src/plugins/email-otp/index.ts
+++ b/packages/better-auth/src/plugins/email-otp/index.ts
@@ -1,5 +1,5 @@
 import * as z from "zod";
-import { APIError } from "../../api";
+import { APIError, getSessionFromCtx } from "../../api";
 import {
 	createAuthEndpoint,
 	createAuthMiddleware,
@@ -11,7 +11,7 @@ import {
 	symmetricEncrypt,
 } from "../../crypto";
 import { getDate } from "../../utils/date";
-import { setSessionCookie } from "../../cookies";
+import { setCookieCache, setSessionCookie } from "../../cookies";
 import { getEndpointResponse } from "../../utils/plugin-helper";
 import { defaultKeyHasher, splitAtLastColon } from "./utils";
 import type { GenericEndpointContext } from "@better-auth/core";
@@ -727,7 +727,24 @@ export const emailOTP = (options: EmailOTPOptions) => {
 							},
 						});
 					}
-
+					const currentSession = await getSessionFromCtx(ctx);
+					if (currentSession && updatedUser.emailVerified) {
+						const dontRememberMeCookie = await ctx.getSignedCookie(
+							ctx.context.authCookies.dontRememberToken.name,
+							ctx.context.secret,
+						);
+						await setCookieCache(
+							ctx,
+							{
+								session: currentSession.session,
+								user: {
+									...currentSession.user,
+									emailVerified: true,
+								},
+							},
+							!!dontRememberMeCookie,
+						);
+					}
 					return ctx.json({
 						status: true,
 						token: null,