@better-auth/expo 1.3.26 → 1.3.28

package/dist/client.cjs

@@ -112,12 +112,61 @@ function getOrigin(scheme) {
   const schemeURI = Linking__namespace.createURL("", { scheme });
   return schemeURI;
 }
+function hasSessionCookieChanged(prevCookie, newCookie) {
+  if (!prevCookie) return true;
+  try {
+    const prev = JSON.parse(prevCookie);
+    const next = JSON.parse(newCookie);
+    const sessionKeys = /* @__PURE__ */ new Set();
+    Object.keys(prev).forEach((key) => {
+      if (key.includes("session_token") || key.includes("session_data")) {
+        sessionKeys.add(key);
+      }
+    });
+    Object.keys(next).forEach((key) => {
+      if (key.includes("session_token") || key.includes("session_data")) {
+        sessionKeys.add(key);
+      }
+    });
+    for (const key of sessionKeys) {
+      const prevValue = prev[key]?.value;
+      const nextValue = next[key]?.value;
+      if (prevValue !== nextValue) {
+        return true;
+      }
+    }
+    return false;
+  } catch {
+    return true;
+  }
+}
+function hasBetterAuthCookies(setCookieHeader, cookiePrefix) {
+  const cookies = parseSetCookieHeader(setCookieHeader);
+  const sessionCookieSuffixes = ["session_token", "session_data"];
+  for (const name of cookies.keys()) {
+    const nameWithoutSecure = name.startsWith("__Secure-") ? name.slice(9) : name;
+    for (const suffix of sessionCookieSuffixes) {
+      if (cookiePrefix) {
+        if (nameWithoutSecure === `${cookiePrefix}.${suffix}`) {
+          return true;
+        }
+      } else {
+        if (nameWithoutSecure.endsWith(suffix)) {
+          return true;
+        }
+      }
+    }
+  }
+  return false;
+}
 const expoClient = (opts) => {
   let store = null;
-  const cookieName = `${opts?.storagePrefix || "better-auth"}_cookie`;
-  const localCacheName = `${opts?.storagePrefix || "better-auth"}_session_data`;
+  const storagePrefix = opts?.storagePrefix || "better-auth";
+  const cookieName = `${storagePrefix}_cookie`;
+  const localCacheName = `${storagePrefix}_session_data`;
   const storage = opts?.storage;
   const isWeb = reactNative.Platform.OS === "web";
+  const cookiePrefix = opts?.cookiePrefix || "better-auth";
   const rawScheme = opts?.scheme || Constants__default.expoConfig?.scheme || Constants__default.platform?.scheme;
   const scheme = Array.isArray(rawScheme) ? rawScheme[0] : rawScheme;
   if (!scheme && !isWeb) {
@@ -160,13 +209,19 @@ const expoClient = (opts) => {
             if (isWeb) return;
             const setCookie = context.response.headers.get("set-cookie");
             if (setCookie) {
-              const prevCookie = await storage.getItem(cookieName);
-              const toSetCookie = getSetCookie(
-                setCookie || "",
-                prevCookie ?? void 0
-              );
-              await storage.setItem(cookieName, toSetCookie);
-              store?.notify("$sessionSignal");
+              if (hasBetterAuthCookies(setCookie, cookiePrefix)) {
+                const prevCookie = await storage.getItem(cookieName);
+                const toSetCookie = getSetCookie(
+                  setCookie || "",
+                  prevCookie ?? void 0
+                );
+                if (hasSessionCookieChanged(prevCookie, toSetCookie)) {
+                  await storage.setItem(cookieName, toSetCookie);
+                  store?.notify("$sessionSignal");
+                } else {
+                  await storage.setItem(cookieName, toSetCookie);
+                }
+              }
             }
             if (context.request.url.toString().includes("/get-session") && !opts?.disableCache) {
               const data = context.data;
@@ -263,4 +318,5 @@ const expoClient = (opts) => {
 exports.expoClient = expoClient;
 exports.getCookie = getCookie;
 exports.getSetCookie = getSetCookie;
+exports.hasBetterAuthCookies = hasBetterAuthCookies;
 exports.parseSetCookieHeader = parseSetCookieHeader;

package/dist/client.d.cts

@@ -1,6 +1,6 @@
+import * as better_auth_types from 'better-auth/types';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { BetterFetchOption } from '@better-fetch/fetch';
-import { Store } from 'better-auth/types';
 
 interface CookieAttributes {
     value: string;
@@ -19,14 +19,41 @@ interface ExpoClientOptions {
         setItem: (key: string, value: string) => any;
         getItem: (key: string) => string | null;
     };
+    /**
+     * Prefix for local storage keys (e.g., "my-app_cookie", "my-app_session_data")
+     * @default "better-auth"
+     */
     storagePrefix?: string;
+    /**
+     * Prefix for server cookie names to filter (e.g., "better-auth.session_token")
+     * This is used to identify which cookies belong to better-auth to prevent
+     * infinite refetching when third-party cookies are set.
+     * @default "better-auth"
+     */
+    cookiePrefix?: string;
     disableCache?: boolean;
 }
 declare function getSetCookie(header: string, prevCookie?: string): string;
 declare function getCookie(cookie: string): string;
+/**
+ * Check if the Set-Cookie header contains session-related better-auth cookies.
+ * Only triggers session updates when session_token or session_data cookies are present.
+ * This prevents infinite refetching when non-session cookies (like third-party cookies) change.
+ *
+ * Supports multiple cookie naming patterns:
+ * - Default: "better-auth.session_token", "__Secure-better-auth.session_token"
+ * - Custom prefix: "myapp.session_token", "__Secure-myapp.session_token"
+ * - Custom full names: "my_custom_session_token", "custom_session_data"
+ * - No prefix (cookiePrefix=""): "session_token", "my_session_token", etc.
+ *
+ * @param setCookieHeader - The Set-Cookie header value
+ * @param cookiePrefix - The cookie prefix to check for. Can be empty string for custom cookie names.
+ * @returns true if the header contains session-related cookies, false otherwise
+ */
+declare function hasBetterAuthCookies(setCookieHeader: string, cookiePrefix: string): boolean;
 declare const expoClient: (opts: ExpoClientOptions) => {
     id: "expo";
-    getActions(_: _better_fetch_fetch.BetterFetch, $store: Store): {
+    getActions(_: _better_fetch_fetch.BetterFetch, $store: better_auth_types.ClientStore): {
         /**
          * Get the stored cookie.
          *
@@ -110,4 +137,4 @@ declare const expoClient: (opts: ExpoClientOptions) => {
     }[];
 };
 
-export { expoClient, getCookie, getSetCookie, parseSetCookieHeader };
+export { expoClient, getCookie, getSetCookie, hasBetterAuthCookies, parseSetCookieHeader };

package/dist/client.d.mts

@@ -1,6 +1,6 @@
+import * as better_auth_types from 'better-auth/types';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { BetterFetchOption } from '@better-fetch/fetch';
-import { Store } from 'better-auth/types';
 
 interface CookieAttributes {
     value: string;
@@ -19,14 +19,41 @@ interface ExpoClientOptions {
         setItem: (key: string, value: string) => any;
         getItem: (key: string) => string | null;
     };
+    /**
+     * Prefix for local storage keys (e.g., "my-app_cookie", "my-app_session_data")
+     * @default "better-auth"
+     */
     storagePrefix?: string;
+    /**
+     * Prefix for server cookie names to filter (e.g., "better-auth.session_token")
+     * This is used to identify which cookies belong to better-auth to prevent
+     * infinite refetching when third-party cookies are set.
+     * @default "better-auth"
+     */
+    cookiePrefix?: string;
     disableCache?: boolean;
 }
 declare function getSetCookie(header: string, prevCookie?: string): string;
 declare function getCookie(cookie: string): string;
+/**
+ * Check if the Set-Cookie header contains session-related better-auth cookies.
+ * Only triggers session updates when session_token or session_data cookies are present.
+ * This prevents infinite refetching when non-session cookies (like third-party cookies) change.
+ *
+ * Supports multiple cookie naming patterns:
+ * - Default: "better-auth.session_token", "__Secure-better-auth.session_token"
+ * - Custom prefix: "myapp.session_token", "__Secure-myapp.session_token"
+ * - Custom full names: "my_custom_session_token", "custom_session_data"
+ * - No prefix (cookiePrefix=""): "session_token", "my_session_token", etc.
+ *
+ * @param setCookieHeader - The Set-Cookie header value
+ * @param cookiePrefix - The cookie prefix to check for. Can be empty string for custom cookie names.
+ * @returns true if the header contains session-related cookies, false otherwise
+ */
+declare function hasBetterAuthCookies(setCookieHeader: string, cookiePrefix: string): boolean;
 declare const expoClient: (opts: ExpoClientOptions) => {
     id: "expo";
-    getActions(_: _better_fetch_fetch.BetterFetch, $store: Store): {
+    getActions(_: _better_fetch_fetch.BetterFetch, $store: better_auth_types.ClientStore): {
         /**
          * Get the stored cookie.
          *
@@ -110,4 +137,4 @@ declare const expoClient: (opts: ExpoClientOptions) => {
     }[];
 };
 
-export { expoClient, getCookie, getSetCookie, parseSetCookieHeader };
+export { expoClient, getCookie, getSetCookie, hasBetterAuthCookies, parseSetCookieHeader };

package/dist/client.d.ts

@@ -1,6 +1,6 @@
+import * as better_auth_types from 'better-auth/types';
 import * as _better_fetch_fetch from '@better-fetch/fetch';
 import { BetterFetchOption } from '@better-fetch/fetch';
-import { Store } from 'better-auth/types';
 
 interface CookieAttributes {
     value: string;
@@ -19,14 +19,41 @@ interface ExpoClientOptions {
         setItem: (key: string, value: string) => any;
         getItem: (key: string) => string | null;
     };
+    /**
+     * Prefix for local storage keys (e.g., "my-app_cookie", "my-app_session_data")
+     * @default "better-auth"
+     */
     storagePrefix?: string;
+    /**
+     * Prefix for server cookie names to filter (e.g., "better-auth.session_token")
+     * This is used to identify which cookies belong to better-auth to prevent
+     * infinite refetching when third-party cookies are set.
+     * @default "better-auth"
+     */
+    cookiePrefix?: string;
     disableCache?: boolean;
 }
 declare function getSetCookie(header: string, prevCookie?: string): string;
 declare function getCookie(cookie: string): string;
+/**
+ * Check if the Set-Cookie header contains session-related better-auth cookies.
+ * Only triggers session updates when session_token or session_data cookies are present.
+ * This prevents infinite refetching when non-session cookies (like third-party cookies) change.
+ *
+ * Supports multiple cookie naming patterns:
+ * - Default: "better-auth.session_token", "__Secure-better-auth.session_token"
+ * - Custom prefix: "myapp.session_token", "__Secure-myapp.session_token"
+ * - Custom full names: "my_custom_session_token", "custom_session_data"
+ * - No prefix (cookiePrefix=""): "session_token", "my_session_token", etc.
+ *
+ * @param setCookieHeader - The Set-Cookie header value
+ * @param cookiePrefix - The cookie prefix to check for. Can be empty string for custom cookie names.
+ * @returns true if the header contains session-related cookies, false otherwise
+ */
+declare function hasBetterAuthCookies(setCookieHeader: string, cookiePrefix: string): boolean;
 declare const expoClient: (opts: ExpoClientOptions) => {
     id: "expo";
-    getActions(_: _better_fetch_fetch.BetterFetch, $store: Store): {
+    getActions(_: _better_fetch_fetch.BetterFetch, $store: better_auth_types.ClientStore): {
         /**
          * Get the stored cookie.
          *
@@ -110,4 +137,4 @@ declare const expoClient: (opts: ExpoClientOptions) => {
     }[];
 };
 
-export { expoClient, getCookie, getSetCookie, parseSetCookieHeader };
+export { expoClient, getCookie, getSetCookie, hasBetterAuthCookies, parseSetCookieHeader };

package/dist/client.mjs

@@ -93,12 +93,61 @@ function getOrigin(scheme) {
   const schemeURI = Linking.createURL("", { scheme });
   return schemeURI;
 }
+function hasSessionCookieChanged(prevCookie, newCookie) {
+  if (!prevCookie) return true;
+  try {
+    const prev = JSON.parse(prevCookie);
+    const next = JSON.parse(newCookie);
+    const sessionKeys = /* @__PURE__ */ new Set();
+    Object.keys(prev).forEach((key) => {
+      if (key.includes("session_token") || key.includes("session_data")) {
+        sessionKeys.add(key);
+      }
+    });
+    Object.keys(next).forEach((key) => {
+      if (key.includes("session_token") || key.includes("session_data")) {
+        sessionKeys.add(key);
+      }
+    });
+    for (const key of sessionKeys) {
+      const prevValue = prev[key]?.value;
+      const nextValue = next[key]?.value;
+      if (prevValue !== nextValue) {
+        return true;
+      }
+    }
+    return false;
+  } catch {
+    return true;
+  }
+}
+function hasBetterAuthCookies(setCookieHeader, cookiePrefix) {
+  const cookies = parseSetCookieHeader(setCookieHeader);
+  const sessionCookieSuffixes = ["session_token", "session_data"];
+  for (const name of cookies.keys()) {
+    const nameWithoutSecure = name.startsWith("__Secure-") ? name.slice(9) : name;
+    for (const suffix of sessionCookieSuffixes) {
+      if (cookiePrefix) {
+        if (nameWithoutSecure === `${cookiePrefix}.${suffix}`) {
+          return true;
+        }
+      } else {
+        if (nameWithoutSecure.endsWith(suffix)) {
+          return true;
+        }
+      }
+    }
+  }
+  return false;
+}
 const expoClient = (opts) => {
   let store = null;
-  const cookieName = `${opts?.storagePrefix || "better-auth"}_cookie`;
-  const localCacheName = `${opts?.storagePrefix || "better-auth"}_session_data`;
+  const storagePrefix = opts?.storagePrefix || "better-auth";
+  const cookieName = `${storagePrefix}_cookie`;
+  const localCacheName = `${storagePrefix}_session_data`;
   const storage = opts?.storage;
   const isWeb = Platform.OS === "web";
+  const cookiePrefix = opts?.cookiePrefix || "better-auth";
   const rawScheme = opts?.scheme || Constants.expoConfig?.scheme || Constants.platform?.scheme;
   const scheme = Array.isArray(rawScheme) ? rawScheme[0] : rawScheme;
   if (!scheme && !isWeb) {
@@ -141,13 +190,19 @@ const expoClient = (opts) => {
             if (isWeb) return;
             const setCookie = context.response.headers.get("set-cookie");
             if (setCookie) {
-              const prevCookie = await storage.getItem(cookieName);
-              const toSetCookie = getSetCookie(
-                setCookie || "",
-                prevCookie ?? void 0
-              );
-              await storage.setItem(cookieName, toSetCookie);
-              store?.notify("$sessionSignal");
+              if (hasBetterAuthCookies(setCookie, cookiePrefix)) {
+                const prevCookie = await storage.getItem(cookieName);
+                const toSetCookie = getSetCookie(
+                  setCookie || "",
+                  prevCookie ?? void 0
+                );
+                if (hasSessionCookieChanged(prevCookie, toSetCookie)) {
+                  await storage.setItem(cookieName, toSetCookie);
+                  store?.notify("$sessionSignal");
+                } else {
+                  await storage.setItem(cookieName, toSetCookie);
+                }
+              }
             }
             if (context.request.url.toString().includes("/get-session") && !opts?.disableCache) {
               const data = context.data;
@@ -241,4 +296,4 @@ const expoClient = (opts) => {
   };
 };
 
-export { expoClient, getCookie, getSetCookie, parseSetCookieHeader };
+export { expoClient, getCookie, getSetCookie, hasBetterAuthCookies, parseSetCookieHeader };

package/dist/index.d.cts

@@ -1,5 +1,5 @@
 import * as better_call from 'better-call';
-import * as better_auth_types from 'better-auth/types';
+import * as better_auth from 'better-auth';
 import { z } from 'zod';
 
 interface ExpoOptions {
@@ -10,17 +10,23 @@ interface ExpoOptions {
 }
 declare const expo: (options?: ExpoOptions) => {
     id: "expo";
-    init: (ctx: better_auth_types.AuthContext) => {
+    init: (ctx: better_auth.AuthContext) => {
         options: {
             trustedOrigins: string[];
         };
     };
-    onRequest(request: Request, ctx: better_auth_types.AuthContext): Promise<{
+    onRequest(request: Request, ctx: better_auth.AuthContext): Promise<{
         request: Request;
     } | undefined>;
     hooks: {
         after: {
-            matcher(context: better_auth_types.HookEndpointContext): boolean;
+            matcher(context: better_call.EndpointContext<string, any> & Omit<better_call.InputContext<string, any>, "method"> & {
+                context: better_auth.AuthContext & {
+                    returned?: unknown;
+                    responseHeaders?: Headers;
+                };
+                headers?: Headers;
+            }): boolean;
             handler: (inputContext: better_call.MiddlewareInputContext<better_call.MiddlewareOptions>) => Promise<void>;
         }[];
     };

package/dist/index.d.mts

@@ -1,5 +1,5 @@
 import * as better_call from 'better-call';
-import * as better_auth_types from 'better-auth/types';
+import * as better_auth from 'better-auth';
 import { z } from 'zod';
 
 interface ExpoOptions {
@@ -10,17 +10,23 @@ interface ExpoOptions {
 }
 declare const expo: (options?: ExpoOptions) => {
     id: "expo";
-    init: (ctx: better_auth_types.AuthContext) => {
+    init: (ctx: better_auth.AuthContext) => {
         options: {
             trustedOrigins: string[];
         };
     };
-    onRequest(request: Request, ctx: better_auth_types.AuthContext): Promise<{
+    onRequest(request: Request, ctx: better_auth.AuthContext): Promise<{
         request: Request;
     } | undefined>;
     hooks: {
         after: {
-            matcher(context: better_auth_types.HookEndpointContext): boolean;
+            matcher(context: better_call.EndpointContext<string, any> & Omit<better_call.InputContext<string, any>, "method"> & {
+                context: better_auth.AuthContext & {
+                    returned?: unknown;
+                    responseHeaders?: Headers;
+                };
+                headers?: Headers;
+            }): boolean;
             handler: (inputContext: better_call.MiddlewareInputContext<better_call.MiddlewareOptions>) => Promise<void>;
         }[];
     };

package/dist/index.d.ts

@@ -1,5 +1,5 @@
 import * as better_call from 'better-call';
-import * as better_auth_types from 'better-auth/types';
+import * as better_auth from 'better-auth';
 import { z } from 'zod';
 
 interface ExpoOptions {
@@ -10,17 +10,23 @@ interface ExpoOptions {
 }
 declare const expo: (options?: ExpoOptions) => {
     id: "expo";
-    init: (ctx: better_auth_types.AuthContext) => {
+    init: (ctx: better_auth.AuthContext) => {
         options: {
             trustedOrigins: string[];
         };
     };
-    onRequest(request: Request, ctx: better_auth_types.AuthContext): Promise<{
+    onRequest(request: Request, ctx: better_auth.AuthContext): Promise<{
         request: Request;
     } | undefined>;
     hooks: {
         after: {
-            matcher(context: better_auth_types.HookEndpointContext): boolean;
+            matcher(context: better_call.EndpointContext<string, any> & Omit<better_call.InputContext<string, any>, "method"> & {
+                context: better_auth.AuthContext & {
+                    returned?: unknown;
+                    responseHeaders?: Headers;
+                };
+                headers?: Headers;
+            }): boolean;
             handler: (inputContext: better_call.MiddlewareInputContext<better_call.MiddlewareOptions>) => Promise<void>;
         }[];
     };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@better-auth/expo",
-  "version": "1.3.26",
+  "version": "1.3.28",
   "description": "",
   "main": "dist/index.cjs",
   "module": "dist/index.mjs",
@@ -44,7 +44,7 @@
   },
   "license": "MIT",
   "devDependencies": {
-    "@better-fetch/fetch": "^1.1.18",
+    "@better-fetch/fetch": "1.1.18",
     "@types/better-sqlite3": "^7.6.13",
     "better-sqlite3": "^12.2.0",
     "expo-constants": "~17.1.7",
@@ -54,7 +54,7 @@
     "expo-web-browser": "~14.2.0",
     "react-native": "~0.80.2",
     "unbuild": "^3.6.1",
-    "better-auth": "1.3.26"
+    "better-auth": "1.3.28"
   },
   "peerDependencies": {
     "expo-constants": ">=17.0.0",
@@ -62,10 +62,10 @@
     "expo-linking": ">=7.0.0",
     "expo-secure-store": ">=14.0.0",
     "expo-web-browser": ">=14.0.0",
-    "better-auth": "1.3.26"
+    "better-auth": "1.3.28"
   },
   "dependencies": {
-    "@better-fetch/fetch": "^1.1.18",
+    "@better-fetch/fetch": "1.1.18",
     "zod": "^4.1.5"
   },
   "files": [