fix(email-otp): email-verification doesn't trigger session signal (#5219)

packages/better-auth/src/plugins/email-otp/client.ts

@@ -5,5 +5,11 @@ export const emailOTPClient = () => {
 	return {
 		id: "email-otp",
 		$InferServerPlugin: {} as ReturnType<typeof emailOTP>,
+		atomListeners: [
+			{
+				matcher: (path) => path === "/email-otp/verify-email",
+				signal: "$sessionSignal",
+			},
+		],
 	} satisfies BetterAuthClientPlugin;
 };

packages/better-auth/src/plugins/email-otp/index.ts

@@ -1,5 +1,5 @@
 import * as z from "zod";
-import { APIError } from "../../api";
+import { APIError, getSessionFromCtx } from "../../api";
 import {
 	createAuthEndpoint,
 	createAuthMiddleware,
@@ -11,7 +11,7 @@ import {
 	symmetricEncrypt,
 } from "../../crypto";
 import { getDate } from "../../utils/date";
-import { setSessionCookie } from "../../cookies";
+import { setCookieCache, setSessionCookie } from "../../cookies";
 import { getEndpointResponse } from "../../utils/plugin-helper";
 import { defaultKeyHasher, splitAtLastColon } from "./utils";
 import type { GenericEndpointContext } from "@better-auth/core";
@@ -727,7 +727,24 @@ export const emailOTP = (options: EmailOTPOptions) => {
 							},
 						});
 					}
-
+					const currentSession = await getSessionFromCtx(ctx);
+					if (currentSession && updatedUser.emailVerified) {
+						const dontRememberMeCookie = await ctx.getSignedCookie(
+							ctx.context.authCookies.dontRememberToken.name,
+							ctx.context.secret,
+						);
+						await setCookieCache(
+							ctx,
+							{
+								session: currentSession.session,
+								user: {
+									...currentSession.user,
+									emailVerified: true,
+								},
+							},
+							!!dontRememberMeCookie,
+						);
+					}
 					return ctx.json({
 						status: true,
 						token: null,