@sirketio/auth 0.0.1

package/dist/cookies/cookie-utils.mjs

@@ -0,0 +1,105 @@
+//#region src/cookies/cookie-utils.ts
+const SECURE_COOKIE_PREFIX = "__Secure-";
+const HOST_COOKIE_PREFIX = "__Host-";
+/**
+* Remove __Secure- or __Host- prefix from cookie name.
+*/
+function stripSecureCookiePrefix(cookieName) {
+	if (cookieName.startsWith(SECURE_COOKIE_PREFIX)) return cookieName.slice(9);
+	if (cookieName.startsWith(HOST_COOKIE_PREFIX)) return cookieName.slice(7);
+	return cookieName;
+}
+/**
+* Split `Set-Cookie` header, handling commas in `Expires` dates.
+*/
+function splitSetCookieHeader(setCookie) {
+	if (!setCookie) return [];
+	const result = [];
+	let current = "";
+	let i = 0;
+	while (i < setCookie.length) {
+		const c = setCookie[i];
+		if (c === ",") {
+			const lower = current.toLowerCase();
+			if (lower.includes("expires=") && !lower.includes("gmt")) {
+				current += c;
+				i++;
+			} else {
+				const trimmed = current.trim();
+				if (trimmed) result.push(trimmed);
+				current = "";
+				i++;
+				if (i < setCookie.length && setCookie[i] === " ") i++;
+			}
+			continue;
+		}
+		current += c;
+		i++;
+	}
+	const trimmed = current.trim();
+	if (trimmed) result.push(trimmed);
+	return result;
+}
+function parseSetCookieHeader(setCookie) {
+	const cookies = /* @__PURE__ */ new Map();
+	splitSetCookieHeader(setCookie).forEach((cookieString) => {
+		const [nameValue, ...attributes] = cookieString.split(";").map((part) => part.trim());
+		const [name, ...valueParts] = (nameValue || "").split("=");
+		const value = valueParts.join("=");
+		if (!name || value === void 0) return;
+		const attrObj = { value };
+		attributes.forEach((attribute) => {
+			const [attrName, ...attrValueParts] = attribute.split("=");
+			const attrValue = attrValueParts.join("=");
+			const normalizedAttrName = attrName.trim().toLowerCase();
+			switch (normalizedAttrName) {
+				case "max-age":
+					attrObj["max-age"] = attrValue ? parseInt(attrValue.trim(), 10) : void 0;
+					break;
+				case "expires":
+					attrObj.expires = attrValue ? new Date(attrValue.trim()) : void 0;
+					break;
+				case "domain":
+					attrObj.domain = attrValue ? attrValue.trim() : void 0;
+					break;
+				case "path":
+					attrObj.path = attrValue ? attrValue.trim() : void 0;
+					break;
+				case "secure":
+					attrObj.secure = true;
+					break;
+				case "httponly":
+					attrObj.httponly = true;
+					break;
+				case "samesite":
+					attrObj.samesite = attrValue ? attrValue.trim().toLowerCase() : void 0;
+					break;
+				default:
+					attrObj[normalizedAttrName] = attrValue ? attrValue.trim() : true;
+					break;
+			}
+		});
+		cookies.set(name, attrObj);
+	});
+	return cookies;
+}
+function setCookieToHeader(headers) {
+	return (context) => {
+		const setCookieHeader = context.response.headers.get("set-cookie");
+		if (!setCookieHeader) return;
+		const cookieMap = /* @__PURE__ */ new Map();
+		(headers.get("cookie") || "").split(";").forEach((cookie) => {
+			const [name, ...rest] = cookie.trim().split("=");
+			if (name && rest.length > 0) cookieMap.set(name, rest.join("="));
+		});
+		parseSetCookieHeader(setCookieHeader).forEach((value, name) => {
+			cookieMap.set(name, value.value);
+		});
+		const updatedCookies = Array.from(cookieMap.entries()).map(([name, value]) => `${name}=${value}`).join("; ");
+		headers.set("cookie", updatedCookies);
+	};
+}
+
+//#endregion
+export { HOST_COOKIE_PREFIX, SECURE_COOKIE_PREFIX, parseSetCookieHeader, setCookieToHeader, splitSetCookieHeader, stripSecureCookiePrefix };
+//# sourceMappingURL=cookie-utils.mjs.map

package/dist/cookies/cookie-utils.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"cookie-utils.mjs","names":[],"sources":["../../src/cookies/cookie-utils.ts"],"sourcesContent":["export interface CookieAttributes {\n\tvalue: string;\n\t\"max-age\"?: number | undefined;\n\texpires?: Date | undefined;\n\tdomain?: string | undefined;\n\tpath?: string | undefined;\n\tsecure?: boolean | undefined;\n\thttponly?: boolean | undefined;\n\tsamesite?: (\"strict\" | \"lax\" | \"none\") | undefined;\n\t[key: string]: any;\n}\n\nexport const SECURE_COOKIE_PREFIX = \"__Secure-\";\nexport const HOST_COOKIE_PREFIX = \"__Host-\";\n\n/**\n * Remove __Secure- or __Host- prefix from cookie name.\n */\nexport function stripSecureCookiePrefix(cookieName: string): string {\n\tif (cookieName.startsWith(SECURE_COOKIE_PREFIX)) {\n\t\treturn cookieName.slice(SECURE_COOKIE_PREFIX.length);\n\t}\n\tif (cookieName.startsWith(HOST_COOKIE_PREFIX)) {\n\t\treturn cookieName.slice(HOST_COOKIE_PREFIX.length);\n\t}\n\treturn cookieName;\n}\n\n/**\n * Split `Set-Cookie` header, handling commas in `Expires` dates.\n */\nexport function splitSetCookieHeader(setCookie: string): string[] {\n\tif (!setCookie) return [];\n\n\tconst result: string[] = [];\n\tlet current = \"\";\n\tlet i = 0;\n\n\twhile (i < setCookie.length) {\n\t\tconst c = setCookie[i];\n\n\t\tif (c === \",\") {\n\t\t\tconst lower = current.toLowerCase();\n\t\t\tif (lower.includes(\"expires=\") && !lower.includes(\"gmt\")) {\n\t\t\t\tcurrent += c;\n\t\t\t\ti++;\n\t\t\t} else {\n\t\t\t\tconst trimmed = current.trim();\n\t\t\t\tif (trimmed) {\n\t\t\t\t\tresult.push(trimmed);\n\t\t\t\t}\n\t\t\t\tcurrent = \"\";\n\t\t\t\ti++;\n\t\t\t\tif (i < setCookie.length && setCookie[i] === \" \") {\n\t\t\t\t\ti++;\n\t\t\t\t}\n\t\t\t}\n\t\t\tcontinue;\n\t\t}\n\n\t\tcurrent += c;\n\t\ti++;\n\t}\n\n\tconst trimmed = current.trim();\n\tif (trimmed) {\n\t\tresult.push(trimmed);\n\t}\n\n\treturn result;\n}\n\nexport function parseSetCookieHeader(\n\tsetCookie: string,\n): Map<string, CookieAttributes> {\n\tconst cookies = new Map<string, CookieAttributes>();\n\tconst cookieArray = splitSetCookieHeader(setCookie);\n\n\tcookieArray.forEach((cookieString) => {\n\t\tconst parts = cookieString.split(\";\").map((part) => part.trim());\n\t\tconst [nameValue, ...attributes] = parts;\n\t\tconst [name, ...valueParts] = (nameValue || \"\").split(\"=\");\n\n\t\tconst value = valueParts.join(\"=\");\n\n\t\tif (!name || value === undefined) {\n\t\t\treturn;\n\t\t}\n\n\t\tconst attrObj: CookieAttributes = { value };\n\n\t\tattributes.forEach((attribute) => {\n\t\t\tconst [attrName, ...attrValueParts] = attribute!.split(\"=\");\n\t\t\tconst attrValue = attrValueParts.join(\"=\");\n\n\t\t\tconst normalizedAttrName = attrName!.trim().toLowerCase();\n\n\t\t\tswitch (normalizedAttrName) {\n\t\t\t\tcase \"max-age\":\n\t\t\t\t\tattrObj[\"max-age\"] = attrValue\n\t\t\t\t\t\t? parseInt(attrValue.trim(), 10)\n\t\t\t\t\t\t: undefined;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"expires\":\n\t\t\t\t\tattrObj.expires = attrValue ? new Date(attrValue.trim()) : undefined;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"domain\":\n\t\t\t\t\tattrObj.domain = attrValue ? attrValue.trim() : undefined;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"path\":\n\t\t\t\t\tattrObj.path = attrValue ? attrValue.trim() : undefined;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"secure\":\n\t\t\t\t\tattrObj.secure = true;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"httponly\":\n\t\t\t\t\tattrObj.httponly = true;\n\t\t\t\t\tbreak;\n\t\t\t\tcase \"samesite\":\n\t\t\t\t\tattrObj.samesite = attrValue\n\t\t\t\t\t\t? (attrValue.trim().toLowerCase() as \"strict\" | \"lax\" | \"none\")\n\t\t\t\t\t\t: undefined;\n\t\t\t\t\tbreak;\n\t\t\t\tdefault:\n\t\t\t\t\t// Handle any other attributes\n\t\t\t\t\tattrObj[normalizedAttrName] = attrValue ? attrValue.trim() : true;\n\t\t\t\t\tbreak;\n\t\t\t}\n\t\t});\n\n\t\tcookies.set(name, attrObj);\n\t});\n\n\treturn cookies;\n}\n\nexport function setCookieToHeader(headers: Headers) {\n\treturn (context: { response: Response }) => {\n\t\tconst setCookieHeader = context.response.headers.get(\"set-cookie\");\n\t\tif (!setCookieHeader) {\n\t\t\treturn;\n\t\t}\n\n\t\tconst cookieMap = new Map<string, string>();\n\n\t\tconst existingCookiesHeader = headers.get(\"cookie\") || \"\";\n\t\texistingCookiesHeader.split(\";\").forEach((cookie) => {\n\t\t\tconst [name, ...rest] = cookie!.trim().split(\"=\");\n\t\t\tif (name && rest.length > 0) {\n\t\t\t\tcookieMap.set(name, rest.join(\"=\"));\n\t\t\t}\n\t\t});\n\n\t\tconst cookies = parseSetCookieHeader(setCookieHeader);\n\t\tcookies.forEach((value, name) => {\n\t\t\tcookieMap.set(name, value.value);\n\t\t});\n\n\t\tconst updatedCookies = Array.from(cookieMap.entries())\n\t\t\t.map(([name, value]) => `${name}=${value}`)\n\t\t\t.join(\"; \");\n\t\theaders.set(\"cookie\", updatedCookies);\n\t};\n}\n"],"mappings":";AAYA,MAAa,uBAAuB;AACpC,MAAa,qBAAqB;;;;AAKlC,SAAgB,wBAAwB,YAA4B;AACnE,KAAI,WAAW,WAAW,qBAAqB,CAC9C,QAAO,WAAW,MAAM,EAA4B;AAErD,KAAI,WAAW,WAAW,mBAAmB,CAC5C,QAAO,WAAW,MAAM,EAA0B;AAEnD,QAAO;;;;;AAMR,SAAgB,qBAAqB,WAA6B;AACjE,KAAI,CAAC,UAAW,QAAO,EAAE;CAEzB,MAAM,SAAmB,EAAE;CAC3B,IAAI,UAAU;CACd,IAAI,IAAI;AAER,QAAO,IAAI,UAAU,QAAQ;EAC5B,MAAM,IAAI,UAAU;AAEpB,MAAI,MAAM,KAAK;GACd,MAAM,QAAQ,QAAQ,aAAa;AACnC,OAAI,MAAM,SAAS,WAAW,IAAI,CAAC,MAAM,SAAS,MAAM,EAAE;AACzD,eAAW;AACX;UACM;IACN,MAAM,UAAU,QAAQ,MAAM;AAC9B,QAAI,QACH,QAAO,KAAK,QAAQ;AAErB,cAAU;AACV;AACA,QAAI,IAAI,UAAU,UAAU,UAAU,OAAO,IAC5C;;AAGF;;AAGD,aAAW;AACX;;CAGD,MAAM,UAAU,QAAQ,MAAM;AAC9B,KAAI,QACH,QAAO,KAAK,QAAQ;AAGrB,QAAO;;AAGR,SAAgB,qBACf,WACgC;CAChC,MAAM,0BAAU,IAAI,KAA+B;AAGnD,CAFoB,qBAAqB,UAAU,CAEvC,SAAS,iBAAiB;EAErC,MAAM,CAAC,WAAW,GAAG,cADP,aAAa,MAAM,IAAI,CAAC,KAAK,SAAS,KAAK,MAAM,CAAC;EAEhE,MAAM,CAAC,MAAM,GAAG,eAAe,aAAa,IAAI,MAAM,IAAI;EAE1D,MAAM,QAAQ,WAAW,KAAK,IAAI;AAElC,MAAI,CAAC,QAAQ,UAAU,OACtB;EAGD,MAAM,UAA4B,EAAE,OAAO;AAE3C,aAAW,SAAS,cAAc;GACjC,MAAM,CAAC,UAAU,GAAG,kBAAkB,UAAW,MAAM,IAAI;GAC3D,MAAM,YAAY,eAAe,KAAK,IAAI;GAE1C,MAAM,qBAAqB,SAAU,MAAM,CAAC,aAAa;AAEzD,WAAQ,oBAAR;IACC,KAAK;AACJ,aAAQ,aAAa,YAClB,SAAS,UAAU,MAAM,EAAE,GAAG,GAC9B;AACH;IACD,KAAK;AACJ,aAAQ,UAAU,YAAY,IAAI,KAAK,UAAU,MAAM,CAAC,GAAG;AAC3D;IACD,KAAK;AACJ,aAAQ,SAAS,YAAY,UAAU,MAAM,GAAG;AAChD;IACD,KAAK;AACJ,aAAQ,OAAO,YAAY,UAAU,MAAM,GAAG;AAC9C;IACD,KAAK;AACJ,aAAQ,SAAS;AACjB;IACD,KAAK;AACJ,aAAQ,WAAW;AACnB;IACD,KAAK;AACJ,aAAQ,WAAW,YACf,UAAU,MAAM,CAAC,aAAa,GAC/B;AACH;IACD;AAEC,aAAQ,sBAAsB,YAAY,UAAU,MAAM,GAAG;AAC7D;;IAED;AAEF,UAAQ,IAAI,MAAM,QAAQ;GACzB;AAEF,QAAO;;AAGR,SAAgB,kBAAkB,SAAkB;AACnD,SAAQ,YAAoC;EAC3C,MAAM,kBAAkB,QAAQ,SAAS,QAAQ,IAAI,aAAa;AAClE,MAAI,CAAC,gBACJ;EAGD,MAAM,4BAAY,IAAI,KAAqB;AAG3C,GAD8B,QAAQ,IAAI,SAAS,IAAI,IACjC,MAAM,IAAI,CAAC,SAAS,WAAW;GACpD,MAAM,CAAC,MAAM,GAAG,QAAQ,OAAQ,MAAM,CAAC,MAAM,IAAI;AACjD,OAAI,QAAQ,KAAK,SAAS,EACzB,WAAU,IAAI,MAAM,KAAK,KAAK,IAAI,CAAC;IAEnC;AAGF,EADgB,qBAAqB,gBAAgB,CAC7C,SAAS,OAAO,SAAS;AAChC,aAAU,IAAI,MAAM,MAAM,MAAM;IAC/B;EAEF,MAAM,iBAAiB,MAAM,KAAK,UAAU,SAAS,CAAC,CACpD,KAAK,CAAC,MAAM,WAAW,GAAG,KAAK,GAAG,QAAQ,CAC1C,KAAK,KAAK;AACZ,UAAQ,IAAI,UAAU,eAAe"}

package/dist/cookies/index.d.mts

@@ -0,0 +1,121 @@
+import { Session, User } from "../types/models.mjs";
+import "../types/index.mjs";
+import { CookieAttributes, HOST_COOKIE_PREFIX, SECURE_COOKIE_PREFIX, parseSetCookieHeader, setCookieToHeader, splitSetCookieHeader, stripSecureCookiePrefix } from "./cookie-utils.mjs";
+import { createSessionStore, getChunkedCookie } from "./session-store.mjs";
+import { BetterAuthCookie, BetterAuthCookies, BetterAuthOptions, GenericEndpointContext } from "@better-auth/core";
+import * as better_call0 from "better-call";
+import { CookieOptions } from "better-call";
+
+//#region src/cookies/index.d.ts
+declare function createCookieGetter(options: BetterAuthOptions): (cookieName: string, overrideAttributes?: Partial<CookieOptions>) => {
+  name: string;
+  attributes: {
+    domain?: string;
+    expires?: Date;
+    httpOnly: boolean;
+    maxAge?: number;
+    path: string;
+    secure: boolean;
+    sameSite: "Strict" | "Lax" | "None" | "strict" | "lax" | "none";
+    partitioned?: boolean;
+    prefix?: better_call0.CookiePrefixOptions;
+  };
+};
+declare function getCookies(options: BetterAuthOptions): {
+  sessionToken: {
+    name: string;
+    attributes: {
+      domain?: string;
+      expires?: Date;
+      httpOnly: boolean;
+      maxAge?: number;
+      path: string;
+      secure: boolean;
+      sameSite: "Strict" | "Lax" | "None" | "strict" | "lax" | "none";
+      partitioned?: boolean;
+      prefix?: better_call0.CookiePrefixOptions;
+    };
+  };
+  /**
+   * This cookie is used to store the session data in the cookie
+   * This is useful for when you want to cache the session in the cookie
+   */
+  sessionData: {
+    name: string;
+    attributes: {
+      domain?: string;
+      expires?: Date;
+      httpOnly: boolean;
+      maxAge?: number;
+      path: string;
+      secure: boolean;
+      sameSite: "Strict" | "Lax" | "None" | "strict" | "lax" | "none";
+      partitioned?: boolean;
+      prefix?: better_call0.CookiePrefixOptions;
+    };
+  };
+  dontRememberToken: {
+    name: string;
+    attributes: {
+      domain?: string;
+      expires?: Date;
+      httpOnly: boolean;
+      maxAge?: number;
+      path: string;
+      secure: boolean;
+      sameSite: "Strict" | "Lax" | "None" | "strict" | "lax" | "none";
+      partitioned?: boolean;
+      prefix?: better_call0.CookiePrefixOptions;
+    };
+  };
+  accountData: {
+    name: string;
+    attributes: {
+      domain?: string;
+      expires?: Date;
+      httpOnly: boolean;
+      maxAge?: number;
+      path: string;
+      secure: boolean;
+      sameSite: "Strict" | "Lax" | "None" | "strict" | "lax" | "none";
+      partitioned?: boolean;
+      prefix?: better_call0.CookiePrefixOptions;
+    };
+  };
+};
+declare function setCookieCache(ctx: GenericEndpointContext, session: {
+  session: Session & Record<string, any>;
+  user: User;
+}, dontRememberMe: boolean): Promise<void>;
+declare function setSessionCookie(ctx: GenericEndpointContext, session: {
+  session: Session & Record<string, any>;
+  user: User;
+}, dontRememberMe?: boolean | undefined, overrides?: Partial<CookieOptions> | undefined): Promise<void>;
+/**
+ * Expires a cookie by setting `maxAge: 0` while preserving its attributes
+ */
+declare function expireCookie(ctx: GenericEndpointContext, cookie: BetterAuthCookie): void;
+declare function deleteSessionCookie(ctx: GenericEndpointContext, skipDontRememberMe?: boolean | undefined): void;
+declare function parseCookies(cookieHeader: string): Map<string, string>;
+type EligibleCookies = (string & {}) | (keyof BetterAuthCookies & {});
+declare const getSessionCookie: (request: Request | Headers, config?: {
+  cookiePrefix?: string;
+  cookieName?: string;
+  path?: string;
+} | undefined) => string | null;
+declare const getCookieCache: <S extends {
+  session: Session & Record<string, any>;
+  user: User & Record<string, any>;
+  updatedAt: number;
+  version?: string;
+}>(request: Request | Headers, config?: {
+  cookiePrefix?: string;
+  cookieName?: string;
+  isSecure?: boolean;
+  secret?: string;
+  strategy?: "compact" | "jwt" | "jwe";
+  version?: string | ((session: Session & Record<string, any>, user: User & Record<string, any>) => string) | ((session: Session & Record<string, any>, user: User & Record<string, any>) => Promise<string>);
+} | undefined) => Promise<S | null>;
+//#endregion
+export { CookieAttributes, EligibleCookies, HOST_COOKIE_PREFIX, SECURE_COOKIE_PREFIX, createCookieGetter, createSessionStore, deleteSessionCookie, expireCookie, getChunkedCookie, getCookieCache, getCookies, getSessionCookie, parseCookies, parseSetCookieHeader, setCookieCache, setCookieToHeader, setSessionCookie, splitSetCookieHeader, stripSecureCookiePrefix };
+//# sourceMappingURL=index.d.mts.map

package/dist/cookies/index.mjs

@@ -0,0 +1,261 @@
+import { getDate } from "../utils/date.mjs";
+import { parseUserOutput } from "../db/schema.mjs";
+import { isPromise } from "../utils/is-promise.mjs";
+import { signJWT, symmetricDecodeJWT, symmetricEncodeJWT, verifyJWT } from "../crypto/jwt.mjs";
+import { createAccountStore, createSessionStore, getAccountCookie, getChunkedCookie, setAccountCookie } from "./session-store.mjs";
+import { sec } from "../utils/time.mjs";
+import { HOST_COOKIE_PREFIX, SECURE_COOKIE_PREFIX, parseSetCookieHeader, setCookieToHeader, splitSetCookieHeader, stripSecureCookiePrefix } from "./cookie-utils.mjs";
+import { env, isProduction } from "@better-auth/core/env";
+import { BetterAuthError } from "@better-auth/core/error";
+import { safeJSONParse } from "@better-auth/core/utils/json";
+import { filterOutputFields } from "@better-auth/core/utils/db";
+import { base64Url } from "@better-auth/utils/base64";
+import { binary } from "@better-auth/utils/binary";
+import { createHMAC } from "@better-auth/utils/hmac";
+
+//#region src/cookies/index.ts
+function createCookieGetter(options) {
+	const secureCookiePrefix = (options.advanced?.useSecureCookies !== void 0 ? options.advanced?.useSecureCookies : options.baseURL ? options.baseURL.startsWith("https://") ? true : false : isProduction) ? SECURE_COOKIE_PREFIX : "";
+	const crossSubdomainEnabled = !!options.advanced?.crossSubDomainCookies?.enabled;
+	const domain = crossSubdomainEnabled ? options.advanced?.crossSubDomainCookies?.domain || (options.baseURL ? new URL(options.baseURL).hostname : void 0) : void 0;
+	if (crossSubdomainEnabled && !domain) throw new BetterAuthError("baseURL is required when crossSubdomainCookies are enabled");
+	function createCookie(cookieName, overrideAttributes = {}) {
+		const prefix = options.advanced?.cookiePrefix || "better-auth";
+		const name = options.advanced?.cookies?.[cookieName]?.name || `${prefix}.${cookieName}`;
+		const attributes = options.advanced?.cookies?.[cookieName]?.attributes ?? {};
+		return {
+			name: `${secureCookiePrefix}${name}`,
+			attributes: {
+				secure: !!secureCookiePrefix,
+				sameSite: "lax",
+				path: "/",
+				httpOnly: true,
+				...crossSubdomainEnabled ? { domain } : {},
+				...options.advanced?.defaultCookieAttributes,
+				...overrideAttributes,
+				...attributes
+			}
+		};
+	}
+	return createCookie;
+}
+function getCookies(options) {
+	const createCookie = createCookieGetter(options);
+	const sessionToken = createCookie("session_token", { maxAge: options.session?.expiresIn || sec("7d") });
+	const sessionData = createCookie("session_data", { maxAge: options.session?.cookieCache?.maxAge || 300 });
+	const accountData = createCookie("account_data", { maxAge: options.session?.cookieCache?.maxAge || 300 });
+	const dontRememberToken = createCookie("dont_remember");
+	return {
+		sessionToken: {
+			name: sessionToken.name,
+			attributes: sessionToken.attributes
+		},
+		sessionData: {
+			name: sessionData.name,
+			attributes: sessionData.attributes
+		},
+		dontRememberToken: {
+			name: dontRememberToken.name,
+			attributes: dontRememberToken.attributes
+		},
+		accountData: {
+			name: accountData.name,
+			attributes: accountData.attributes
+		}
+	};
+}
+async function setCookieCache(ctx, session, dontRememberMe) {
+	if (!ctx.context.options.session?.cookieCache?.enabled) return;
+	const filteredSession = filterOutputFields(session.session, ctx.context.options.session?.additionalFields);
+	const filteredUser = parseUserOutput(ctx.context.options, session.user);
+	const versionConfig = ctx.context.options.session?.cookieCache?.version;
+	let version = "1";
+	if (versionConfig) {
+		if (typeof versionConfig === "string") version = versionConfig;
+		else if (typeof versionConfig === "function") {
+			const result = versionConfig(session.session, session.user);
+			version = isPromise(result) ? await result : result;
+		}
+	}
+	const sessionData = {
+		session: filteredSession,
+		user: filteredUser,
+		updatedAt: Date.now(),
+		version
+	};
+	const options = {
+		...ctx.context.authCookies.sessionData.attributes,
+		maxAge: dontRememberMe ? void 0 : ctx.context.authCookies.sessionData.attributes.maxAge
+	};
+	const expiresAtDate = getDate(options.maxAge || 60, "sec").getTime();
+	const strategy = ctx.context.options.session?.cookieCache?.strategy || "compact";
+	let data;
+	if (strategy === "jwe") data = await symmetricEncodeJWT(sessionData, ctx.context.secret, "better-auth-session", options.maxAge || 300);
+	else if (strategy === "jwt") data = await signJWT(sessionData, ctx.context.secret, options.maxAge || 300);
+	else data = base64Url.encode(JSON.stringify({
+		session: sessionData,
+		expiresAt: expiresAtDate,
+		signature: await createHMAC("SHA-256", "base64urlnopad").sign(ctx.context.secret, JSON.stringify({
+			...sessionData,
+			expiresAt: expiresAtDate
+		}))
+	}), { padding: false });
+	if (data.length > 4093) {
+		const sessionStore = createSessionStore(ctx.context.authCookies.sessionData.name, options, ctx);
+		const cookies = sessionStore.chunk(data, options);
+		sessionStore.setCookies(cookies);
+	} else {
+		const sessionStore = createSessionStore(ctx.context.authCookies.sessionData.name, options, ctx);
+		if (sessionStore.hasChunks()) {
+			const cleanCookies = sessionStore.clean();
+			sessionStore.setCookies(cleanCookies);
+		}
+		ctx.setCookie(ctx.context.authCookies.sessionData.name, data, options);
+	}
+	if (ctx.context.options.account?.storeAccountCookie) {
+		const accountData = await getAccountCookie(ctx);
+		if (accountData) await setAccountCookie(ctx, accountData);
+	}
+}
+async function setSessionCookie(ctx, session, dontRememberMe, overrides) {
+	const dontRememberMeCookie = await ctx.getSignedCookie(ctx.context.authCookies.dontRememberToken.name, ctx.context.secret);
+	dontRememberMe = dontRememberMe !== void 0 ? dontRememberMe : !!dontRememberMeCookie;
+	const options = ctx.context.authCookies.sessionToken.attributes;
+	const maxAge = dontRememberMe ? void 0 : ctx.context.sessionConfig.expiresIn;
+	await ctx.setSignedCookie(ctx.context.authCookies.sessionToken.name, session.session.token, ctx.context.secret, {
+		...options,
+		maxAge,
+		...overrides
+	});
+	if (dontRememberMe) await ctx.setSignedCookie(ctx.context.authCookies.dontRememberToken.name, "true", ctx.context.secret, ctx.context.authCookies.dontRememberToken.attributes);
+	await setCookieCache(ctx, session, dontRememberMe);
+	ctx.context.setNewSession(session);
+}
+/**
+* Expires a cookie by setting `maxAge: 0` while preserving its attributes
+*/
+function expireCookie(ctx, cookie) {
+	ctx.setCookie(cookie.name, "", {
+		...cookie.attributes,
+		maxAge: 0
+	});
+}
+function deleteSessionCookie(ctx, skipDontRememberMe) {
+	expireCookie(ctx, ctx.context.authCookies.sessionToken);
+	expireCookie(ctx, ctx.context.authCookies.sessionData);
+	if (ctx.context.options.account?.storeAccountCookie) {
+		expireCookie(ctx, ctx.context.authCookies.accountData);
+		const accountStore = createAccountStore(ctx.context.authCookies.accountData.name, ctx.context.authCookies.accountData.attributes, ctx);
+		const cleanCookies = accountStore.clean();
+		accountStore.setCookies(cleanCookies);
+	}
+	if (ctx.context.oauthConfig.storeStateStrategy === "cookie") expireCookie(ctx, ctx.context.createAuthCookie("oauth_state"));
+	const sessionStore = createSessionStore(ctx.context.authCookies.sessionData.name, ctx.context.authCookies.sessionData.attributes, ctx);
+	const cleanCookies = sessionStore.clean();
+	sessionStore.setCookies(cleanCookies);
+	if (!skipDontRememberMe) expireCookie(ctx, ctx.context.authCookies.dontRememberToken);
+}
+function parseCookies(cookieHeader) {
+	const cookies = cookieHeader.split("; ");
+	const cookieMap = /* @__PURE__ */ new Map();
+	cookies.forEach((cookie) => {
+		const [name, value] = cookie.split(/=(.*)/s);
+		cookieMap.set(name, value);
+	});
+	return cookieMap;
+}
+const getSessionCookie = (request, config) => {
+	const cookies = (request instanceof Headers || !("headers" in request) ? request : request.headers).get("cookie");
+	if (!cookies) return null;
+	const { cookieName = "session_token", cookiePrefix = "better-auth" } = config || {};
+	const parsedCookie = parseCookies(cookies);
+	const getCookie = (name) => parsedCookie.get(name) || parsedCookie.get(`${SECURE_COOKIE_PREFIX}${name}`);
+	const sessionToken = getCookie(`${cookiePrefix}.${cookieName}`) || getCookie(`${cookiePrefix}-${cookieName}`);
+	if (sessionToken) return sessionToken;
+	return null;
+};
+const getCookieCache = async (request, config) => {
+	const cookies = (request instanceof Headers || !("headers" in request) ? request : request.headers).get("cookie");
+	if (!cookies) return null;
+	const { cookieName = "session_data", cookiePrefix = "better-auth" } = config || {};
+	const name = config?.isSecure !== void 0 ? config.isSecure ? `${SECURE_COOKIE_PREFIX}${cookiePrefix}.${cookieName}` : `${cookiePrefix}.${cookieName}` : isProduction ? `${SECURE_COOKIE_PREFIX}${cookiePrefix}.${cookieName}` : `${cookiePrefix}.${cookieName}`;
+	const parsedCookie = parseCookies(cookies);
+	let sessionData = parsedCookie.get(name);
+	if (!sessionData) {
+		const chunks = [];
+		for (const [cookieName, value] of parsedCookie.entries()) if (cookieName.startsWith(name + ".")) {
+			const parts = cookieName.split(".");
+			const indexStr = parts[parts.length - 1];
+			const index = parseInt(indexStr || "0", 10);
+			if (!isNaN(index)) chunks.push({
+				index,
+				value
+			});
+		}
+		if (chunks.length > 0) {
+			chunks.sort((a, b) => a.index - b.index);
+			sessionData = chunks.map((c) => c.value).join("");
+		}
+	}
+	if (sessionData) {
+		const secret = config?.secret || env.BETTER_AUTH_SECRET;
+		if (!secret) throw new BetterAuthError("getCookieCache requires a secret to be provided. Either pass it as an option or set the BETTER_AUTH_SECRET environment variable");
+		const strategy = config?.strategy || "compact";
+		if (strategy === "jwe") {
+			const payload = await symmetricDecodeJWT(sessionData, secret, "better-auth-session");
+			if (payload && payload.session && payload.user) {
+				if (config?.version) {
+					const cookieVersion = payload.version || "1";
+					let expectedVersion = "1";
+					if (typeof config.version === "string") expectedVersion = config.version;
+					else if (typeof config.version === "function") {
+						const result = config.version(payload.session, payload.user);
+						expectedVersion = isPromise(result) ? await result : result;
+					}
+					if (cookieVersion !== expectedVersion) return null;
+				}
+				return payload;
+			}
+			return null;
+		} else if (strategy === "jwt") {
+			const payload = await verifyJWT(sessionData, secret);
+			if (payload && payload.session && payload.user) {
+				if (config?.version) {
+					const cookieVersion = payload.version || "1";
+					let expectedVersion = "1";
+					if (typeof config.version === "string") expectedVersion = config.version;
+					else if (typeof config.version === "function") {
+						const result = config.version(payload.session, payload.user);
+						expectedVersion = isPromise(result) ? await result : result;
+					}
+					if (cookieVersion !== expectedVersion) return null;
+				}
+				return payload;
+			}
+			return null;
+		} else {
+			const sessionDataPayload = safeJSONParse(binary.decode(base64Url.decode(sessionData)));
+			if (!sessionDataPayload) return null;
+			if (!await createHMAC("SHA-256", "base64urlnopad").verify(secret, JSON.stringify({
+				...sessionDataPayload.session,
+				expiresAt: sessionDataPayload.expiresAt
+			}), sessionDataPayload.signature)) return null;
+			if (config?.version && sessionDataPayload.session) {
+				const cookieVersion = sessionDataPayload.session.version || "1";
+				let expectedVersion = "1";
+				if (typeof config.version === "string") expectedVersion = config.version;
+				else if (typeof config.version === "function") {
+					const result = config.version(sessionDataPayload.session.session, sessionDataPayload.session.user);
+					expectedVersion = isPromise(result) ? await result : result;
+				}
+				if (cookieVersion !== expectedVersion) return null;
+			}
+			return sessionDataPayload.session;
+		}
+	}
+	return null;
+};
+
+//#endregion
+export { HOST_COOKIE_PREFIX, SECURE_COOKIE_PREFIX, createCookieGetter, createSessionStore, deleteSessionCookie, expireCookie, getChunkedCookie, getCookieCache, getCookies, getSessionCookie, parseCookies, parseSetCookieHeader, setCookieCache, setCookieToHeader, setSessionCookie, splitSetCookieHeader, stripSecureCookiePrefix };
+//# sourceMappingURL=index.mjs.map

package/dist/cookies/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","names":[],"sources":["../../src/cookies/index.ts"],"sourcesContent":["import type {\n\tBetterAuthCookie,\n\tBetterAuthCookies,\n\tBetterAuthOptions,\n\tGenericEndpointContext,\n} from \"@better-auth/core\";\nimport { env, isProduction } from \"@better-auth/core/env\";\nimport { BetterAuthError } from \"@better-auth/core/error\";\nimport { filterOutputFields } from \"@better-auth/core/utils/db\";\nimport { safeJSONParse } from \"@better-auth/core/utils/json\";\nimport { base64Url } from \"@better-auth/utils/base64\";\nimport { binary } from \"@better-auth/utils/binary\";\nimport { createHMAC } from \"@better-auth/utils/hmac\";\nimport type { CookieOptions } from \"better-call\";\nimport {\n\tsignJWT,\n\tsymmetricDecodeJWT,\n\tsymmetricEncodeJWT,\n\tverifyJWT,\n} from \"../crypto/jwt\";\nimport { parseUserOutput } from \"../db/schema\";\nimport type { Session, User } from \"../types\";\nimport { getDate } from \"../utils/date\";\nimport { isPromise } from \"../utils/is-promise\";\nimport { sec } from \"../utils/time\";\nimport { SECURE_COOKIE_PREFIX } from \"./cookie-utils\";\nimport {\n\tcreateAccountStore,\n\tcreateSessionStore,\n\tgetAccountCookie,\n\tsetAccountCookie,\n} from \"./session-store\";\n\nexport function createCookieGetter(options: BetterAuthOptions) {\n\tconst secure =\n\t\toptions.advanced?.useSecureCookies !== undefined\n\t\t\t? options.advanced?.useSecureCookies\n\t\t\t: options.baseURL\n\t\t\t\t? options.baseURL.startsWith(\"https://\")\n\t\t\t\t\t? true\n\t\t\t\t\t: false\n\t\t\t\t: isProduction;\n\tconst secureCookiePrefix = secure ? SECURE_COOKIE_PREFIX : \"\";\n\tconst crossSubdomainEnabled =\n\t\t!!options.advanced?.crossSubDomainCookies?.enabled;\n\tconst domain = crossSubdomainEnabled\n\t\t? options.advanced?.crossSubDomainCookies?.domain ||\n\t\t\t(options.baseURL ? new URL(options.baseURL).hostname : undefined)\n\t\t: undefined;\n\tif (crossSubdomainEnabled && !domain) {\n\t\tthrow new BetterAuthError(\n\t\t\t\"baseURL is required when crossSubdomainCookies are enabled\",\n\t\t);\n\t}\n\tfunction createCookie(\n\t\tcookieName: string,\n\t\toverrideAttributes: Partial<CookieOptions> = {},\n\t) {\n\t\tconst prefix = options.advanced?.cookiePrefix || \"better-auth\";\n\t\tconst name =\n\t\t\toptions.advanced?.cookies?.[cookieName]?.name ||\n\t\t\t`${prefix}.${cookieName}`;\n\t\tconst attributes =\n\t\t\toptions.advanced?.cookies?.[cookieName]?.attributes ?? {};\n\n\t\treturn {\n\t\t\tname: `${secureCookiePrefix}${name}`,\n\t\t\tattributes: {\n\t\t\t\tsecure: !!secureCookiePrefix,\n\t\t\t\tsameSite: \"lax\",\n\t\t\t\tpath: \"/\",\n\t\t\t\thttpOnly: true,\n\t\t\t\t...(crossSubdomainEnabled ? { domain } : {}),\n\t\t\t\t...options.advanced?.defaultCookieAttributes,\n\t\t\t\t...overrideAttributes,\n\t\t\t\t...attributes,\n\t\t\t},\n\t\t} satisfies BetterAuthCookie;\n\t}\n\treturn createCookie;\n}\n\nexport function getCookies(options: BetterAuthOptions) {\n\tconst createCookie = createCookieGetter(options);\n\tconst sessionMaxAge = options.session?.expiresIn || sec(\"7d\");\n\tconst sessionToken = createCookie(\"session_token\", {\n\t\tmaxAge: sessionMaxAge,\n\t});\n\tconst sessionData = createCookie(\"session_data\", {\n\t\tmaxAge: options.session?.cookieCache?.maxAge || 60 * 5,\n\t});\n\tconst accountData = createCookie(\"account_data\", {\n\t\tmaxAge: options.session?.cookieCache?.maxAge || 60 * 5,\n\t});\n\tconst dontRememberToken = createCookie(\"dont_remember\");\n\treturn {\n\t\tsessionToken: {\n\t\t\tname: sessionToken.name,\n\t\t\tattributes: sessionToken.attributes,\n\t\t},\n\t\t/**\n\t\t * This cookie is used to store the session data in the cookie\n\t\t * This is useful for when you want to cache the session in the cookie\n\t\t */\n\t\tsessionData: {\n\t\t\tname: sessionData.name,\n\t\t\tattributes: sessionData.attributes,\n\t\t},\n\t\tdontRememberToken: {\n\t\t\tname: dontRememberToken.name,\n\t\t\tattributes: dontRememberToken.attributes,\n\t\t},\n\t\taccountData: {\n\t\t\tname: accountData.name,\n\t\t\tattributes: accountData.attributes,\n\t\t},\n\t};\n}\n\nexport async function setCookieCache(\n\tctx: GenericEndpointContext,\n\tsession: {\n\t\tsession: Session & Record<string, any>;\n\t\tuser: User;\n\t},\n\tdontRememberMe: boolean,\n) {\n\tif (!ctx.context.options.session?.cookieCache?.enabled) {\n\t\treturn;\n\t}\n\n\tconst filteredSession = filterOutputFields(\n\t\tsession.session,\n\t\tctx.context.options.session?.additionalFields,\n\t);\n\n\tconst filteredUser = parseUserOutput(ctx.context.options, session.user);\n\n\tconst versionConfig = ctx.context.options.session?.cookieCache?.version;\n\tlet version = \"1\";\n\tif (versionConfig) {\n\t\tif (typeof versionConfig === \"string\") {\n\t\t\tversion = versionConfig;\n\t\t} else if (typeof versionConfig === \"function\") {\n\t\t\tconst result = versionConfig(session.session, session.user);\n\t\t\tversion = isPromise(result) ? await result : result;\n\t\t}\n\t}\n\n\tconst sessionData = {\n\t\tsession: filteredSession,\n\t\tuser: filteredUser,\n\t\tupdatedAt: Date.now(),\n\t\tversion,\n\t};\n\n\tconst options = {\n\t\t...ctx.context.authCookies.sessionData.attributes,\n\t\tmaxAge: dontRememberMe\n\t\t\t? undefined\n\t\t\t: ctx.context.authCookies.sessionData.attributes.maxAge,\n\t};\n\n\tconst expiresAtDate = getDate(options.maxAge || 60, \"sec\").getTime();\n\tconst strategy =\n\t\tctx.context.options.session?.cookieCache?.strategy || \"compact\";\n\n\tlet data: string;\n\n\tif (strategy === \"jwe\") {\n\t\t// Use JWE strategy (JSON Web Encryption) with A256CBC-HS512 + HKDF\n\t\tdata = await symmetricEncodeJWT(\n\t\t\tsessionData,\n\t\t\tctx.context.secret,\n\t\t\t\"better-auth-session\",\n\t\t\toptions.maxAge || 60 * 5,\n\t\t);\n\t} else if (strategy === \"jwt\") {\n\t\t// Use JWT strategy with HMAC-SHA256 signature (HS256), no encryption\n\t\tdata = await signJWT(\n\t\t\tsessionData,\n\t\t\tctx.context.secret,\n\t\t\toptions.maxAge || 60 * 5,\n\t\t);\n\t} else {\n\t\t// Use compact strategy (base64url + HMAC, no JWT spec overhead)\n\t\t// Also handles legacy \"base64-hmac\" for backward compatibility\n\t\tdata = base64Url.encode(\n\t\t\tJSON.stringify({\n\t\t\t\tsession: sessionData,\n\t\t\t\texpiresAt: expiresAtDate,\n\t\t\t\tsignature: await createHMAC(\"SHA-256\", \"base64urlnopad\").sign(\n\t\t\t\t\tctx.context.secret,\n\t\t\t\t\tJSON.stringify({\n\t\t\t\t\t\t...sessionData,\n\t\t\t\t\t\texpiresAt: expiresAtDate,\n\t\t\t\t\t}),\n\t\t\t\t),\n\t\t\t}),\n\t\t\t{\n\t\t\t\tpadding: false,\n\t\t\t},\n\t\t);\n\t}\n\n\t// Check if we need to chunk the cookie (only if it exceeds 4093 bytes)\n\tif (data.length > 4093) {\n\t\tconst sessionStore = createSessionStore(\n\t\t\tctx.context.authCookies.sessionData.name,\n\t\t\toptions,\n\t\t\tctx,\n\t\t);\n\t\tconst cookies = sessionStore.chunk(data, options);\n\t\tsessionStore.setCookies(cookies);\n\t} else {\n\t\tconst sessionStore = createSessionStore(\n\t\t\tctx.context.authCookies.sessionData.name,\n\t\t\toptions,\n\t\t\tctx,\n\t\t);\n\t\tif (sessionStore.hasChunks()) {\n\t\t\tconst cleanCookies = sessionStore.clean();\n\t\t\tsessionStore.setCookies(cleanCookies);\n\t\t}\n\t\tctx.setCookie(ctx.context.authCookies.sessionData.name, data, options);\n\t}\n\n\t// Refresh account cookie to keep it in sync\n\tif (ctx.context.options.account?.storeAccountCookie) {\n\t\tconst accountData = await getAccountCookie(ctx);\n\t\tif (accountData) {\n\t\t\tawait setAccountCookie(ctx, accountData);\n\t\t}\n\t}\n}\n\nexport async function setSessionCookie(\n\tctx: GenericEndpointContext,\n\tsession: {\n\t\tsession: Session & Record<string, any>;\n\t\tuser: User;\n\t},\n\tdontRememberMe?: boolean | undefined,\n\toverrides?: Partial<CookieOptions> | undefined,\n) {\n\tconst dontRememberMeCookie = await ctx.getSignedCookie(\n\t\tctx.context.authCookies.dontRememberToken.name,\n\t\tctx.context.secret,\n\t);\n\t// if dontRememberMe is not set, use the cookie value\n\tdontRememberMe =\n\t\tdontRememberMe !== undefined ? dontRememberMe : !!dontRememberMeCookie;\n\n\tconst options = ctx.context.authCookies.sessionToken.attributes;\n\tconst maxAge = dontRememberMe\n\t\t? undefined\n\t\t: ctx.context.sessionConfig.expiresIn;\n\tawait ctx.setSignedCookie(\n\t\tctx.context.authCookies.sessionToken.name,\n\t\tsession.session.token,\n\t\tctx.context.secret,\n\t\t{\n\t\t\t...options,\n\t\t\tmaxAge,\n\t\t\t...overrides,\n\t\t},\n\t);\n\n\tif (dontRememberMe) {\n\t\tawait ctx.setSignedCookie(\n\t\t\tctx.context.authCookies.dontRememberToken.name,\n\t\t\t\"true\",\n\t\t\tctx.context.secret,\n\t\t\tctx.context.authCookies.dontRememberToken.attributes,\n\t\t);\n\t}\n\tawait setCookieCache(ctx, session, dontRememberMe);\n\tctx.context.setNewSession(session);\n}\n\n/**\n * Expires a cookie by setting `maxAge: 0` while preserving its attributes\n */\nexport function expireCookie(\n\tctx: GenericEndpointContext,\n\tcookie: BetterAuthCookie,\n) {\n\tctx.setCookie(cookie.name, \"\", {\n\t\t...cookie.attributes,\n\t\tmaxAge: 0,\n\t});\n}\n\nexport function deleteSessionCookie(\n\tctx: GenericEndpointContext,\n\tskipDontRememberMe?: boolean | undefined,\n) {\n\texpireCookie(ctx, ctx.context.authCookies.sessionToken);\n\texpireCookie(ctx, ctx.context.authCookies.sessionData);\n\n\tif (ctx.context.options.account?.storeAccountCookie) {\n\t\texpireCookie(ctx, ctx.context.authCookies.accountData);\n\n\t\t//clean up the account data chunks\n\t\tconst accountStore = createAccountStore(\n\t\t\tctx.context.authCookies.accountData.name,\n\t\t\tctx.context.authCookies.accountData.attributes,\n\t\t\tctx,\n\t\t);\n\t\tconst cleanCookies = accountStore.clean();\n\t\taccountStore.setCookies(cleanCookies);\n\t}\n\n\tif (ctx.context.oauthConfig.storeStateStrategy === \"cookie\") {\n\t\texpireCookie(ctx, ctx.context.createAuthCookie(\"oauth_state\"));\n\t}\n\n\t// Use createSessionStore to clean up all session data chunks\n\tconst sessionStore = createSessionStore(\n\t\tctx.context.authCookies.sessionData.name,\n\t\tctx.context.authCookies.sessionData.attributes,\n\t\tctx,\n\t);\n\tconst cleanCookies = sessionStore.clean();\n\tsessionStore.setCookies(cleanCookies);\n\n\tif (!skipDontRememberMe) {\n\t\texpireCookie(ctx, ctx.context.authCookies.dontRememberToken);\n\t}\n}\n\nexport function parseCookies(cookieHeader: string) {\n\tconst cookies = cookieHeader.split(\"; \");\n\tconst cookieMap = new Map<string, string>();\n\n\tcookies.forEach((cookie) => {\n\t\tconst [name, value] = cookie.split(/=(.*)/s);\n\t\tcookieMap.set(name!, value!);\n\t});\n\treturn cookieMap;\n}\n\nexport type EligibleCookies = (string & {}) | (keyof BetterAuthCookies & {});\n\nexport const getSessionCookie = (\n\trequest: Request | Headers,\n\tconfig?:\n\t\t| {\n\t\t\t\tcookiePrefix?: string;\n\t\t\t\tcookieName?: string;\n\t\t\t\tpath?: string;\n\t\t  }\n\t\t| undefined,\n) => {\n\tconst headers =\n\t\trequest instanceof Headers || !(\"headers\" in request)\n\t\t\t? request\n\t\t\t: request.headers;\n\tconst cookies = headers.get(\"cookie\");\n\tif (!cookies) {\n\t\treturn null;\n\t}\n\tconst { cookieName = \"session_token\", cookiePrefix = \"better-auth\" } =\n\t\tconfig || {};\n\tconst parsedCookie = parseCookies(cookies);\n\tconst getCookie = (name: string) =>\n\t\tparsedCookie.get(name) ||\n\t\tparsedCookie.get(`${SECURE_COOKIE_PREFIX}${name}`);\n\n\tconst sessionToken =\n\t\tgetCookie(`${cookiePrefix}.${cookieName}`) ||\n\t\tgetCookie(`${cookiePrefix}-${cookieName}`);\n\tif (sessionToken) {\n\t\treturn sessionToken;\n\t}\n\n\treturn null;\n};\n\nexport const getCookieCache = async <\n\tS extends {\n\t\tsession: Session & Record<string, any>;\n\t\tuser: User & Record<string, any>;\n\t\tupdatedAt: number;\n\t\tversion?: string;\n\t},\n>(\n\trequest: Request | Headers,\n\tconfig?:\n\t\t| {\n\t\t\t\tcookiePrefix?: string;\n\t\t\t\tcookieName?: string;\n\t\t\t\tisSecure?: boolean;\n\t\t\t\tsecret?: string;\n\t\t\t\tstrategy?: \"compact\" | \"jwt\" | \"jwe\"; // base64-hmac for backward compatibility\n\t\t\t\tversion?:\n\t\t\t\t\t| string\n\t\t\t\t\t| ((\n\t\t\t\t\t\t\tsession: Session & Record<string, any>,\n\t\t\t\t\t\t\tuser: User & Record<string, any>,\n\t\t\t\t\t  ) => string)\n\t\t\t\t\t| ((\n\t\t\t\t\t\t\tsession: Session & Record<string, any>,\n\t\t\t\t\t\t\tuser: User & Record<string, any>,\n\t\t\t\t\t  ) => Promise<string>);\n\t\t  }\n\t\t| undefined,\n) => {\n\tconst headers =\n\t\trequest instanceof Headers || !(\"headers\" in request)\n\t\t\t? request\n\t\t\t: request.headers;\n\tconst cookies = headers.get(\"cookie\");\n\tif (!cookies) {\n\t\treturn null;\n\t}\n\tconst { cookieName = \"session_data\", cookiePrefix = \"better-auth\" } =\n\t\tconfig || {};\n\tconst name =\n\t\tconfig?.isSecure !== undefined\n\t\t\t? config.isSecure\n\t\t\t\t? `${SECURE_COOKIE_PREFIX}${cookiePrefix}.${cookieName}`\n\t\t\t\t: `${cookiePrefix}.${cookieName}`\n\t\t\t: isProduction\n\t\t\t\t? `${SECURE_COOKIE_PREFIX}${cookiePrefix}.${cookieName}`\n\t\t\t\t: `${cookiePrefix}.${cookieName}`;\n\tconst parsedCookie = parseCookies(cookies);\n\n\t// Check for chunked cookies\n\tlet sessionData = parsedCookie.get(name);\n\tif (!sessionData) {\n\t\t// Try to reconstruct from chunks\n\t\tconst chunks: Array<{ index: number; value: string }> = [];\n\t\tfor (const [cookieName, value] of parsedCookie.entries()) {\n\t\t\tif (cookieName.startsWith(name + \".\")) {\n\t\t\t\tconst parts = cookieName.split(\".\");\n\t\t\t\tconst indexStr = parts[parts.length - 1];\n\t\t\t\tconst index = parseInt(indexStr || \"0\", 10);\n\t\t\t\tif (!isNaN(index)) {\n\t\t\t\t\tchunks.push({ index, value });\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\tif (chunks.length > 0) {\n\t\t\t// Sort by index and join\n\t\t\tchunks.sort((a, b) => a.index - b.index);\n\t\t\tsessionData = chunks.map((c) => c.value).join(\"\");\n\t\t}\n\t}\n\n\tif (sessionData) {\n\t\tconst secret = config?.secret || env.BETTER_AUTH_SECRET;\n\t\tif (!secret) {\n\t\t\tthrow new BetterAuthError(\n\t\t\t\t\"getCookieCache requires a secret to be provided. Either pass it as an option or set the BETTER_AUTH_SECRET environment variable\",\n\t\t\t);\n\t\t}\n\n\t\tconst strategy = config?.strategy || \"compact\";\n\n\t\tif (strategy === \"jwe\") {\n\t\t\t// Use JWE strategy (encrypted)\n\t\t\tconst payload = await symmetricDecodeJWT<S>(\n\t\t\t\tsessionData,\n\t\t\t\tsecret,\n\t\t\t\t\"better-auth-session\",\n\t\t\t);\n\n\t\t\tif (payload && payload.session && payload.user) {\n\t\t\t\t// Validate version if provided\n\t\t\t\tif (config?.version) {\n\t\t\t\t\tconst cookieVersion = payload.version || \"1\";\n\t\t\t\t\tlet expectedVersion = \"1\";\n\t\t\t\t\tif (typeof config.version === \"string\") {\n\t\t\t\t\t\texpectedVersion = config.version;\n\t\t\t\t\t} else if (typeof config.version === \"function\") {\n\t\t\t\t\t\tconst result = config.version(payload.session, payload.user);\n\t\t\t\t\t\texpectedVersion = isPromise(result) ? await result : result;\n\t\t\t\t\t}\n\t\t\t\t\tif (cookieVersion !== expectedVersion) {\n\t\t\t\t\t\treturn null;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\treturn payload;\n\t\t\t}\n\t\t\treturn null;\n\t\t} else if (strategy === \"jwt\") {\n\t\t\t// Use JWT strategy with HMAC signature (HS256), no encryption\n\t\t\tconst payload = await verifyJWT<S>(sessionData, secret);\n\n\t\t\tif (payload && payload.session && payload.user) {\n\t\t\t\t// Validate version if provided\n\t\t\t\tif (config?.version) {\n\t\t\t\t\tconst cookieVersion = payload.version || \"1\";\n\t\t\t\t\tlet expectedVersion = \"1\";\n\t\t\t\t\tif (typeof config.version === \"string\") {\n\t\t\t\t\t\texpectedVersion = config.version;\n\t\t\t\t\t} else if (typeof config.version === \"function\") {\n\t\t\t\t\t\tconst result = config.version(payload.session, payload.user);\n\t\t\t\t\t\texpectedVersion = isPromise(result) ? await result : result;\n\t\t\t\t\t}\n\t\t\t\t\tif (cookieVersion !== expectedVersion) {\n\t\t\t\t\t\treturn null;\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\treturn payload;\n\t\t\t}\n\t\t\treturn null;\n\t\t} else {\n\t\t\t// Use compact strategy (or legacy base64-hmac)\n\t\t\tconst sessionDataPayload = safeJSONParse<{\n\t\t\t\tsession: S;\n\t\t\t\texpiresAt: number;\n\t\t\t\tsignature: string;\n\t\t\t}>(binary.decode(base64Url.decode(sessionData)));\n\t\t\tif (!sessionDataPayload) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst isValid = await createHMAC(\"SHA-256\", \"base64urlnopad\").verify(\n\t\t\t\tsecret,\n\t\t\t\tJSON.stringify({\n\t\t\t\t\t...sessionDataPayload.session,\n\t\t\t\t\texpiresAt: sessionDataPayload.expiresAt,\n\t\t\t\t}),\n\t\t\t\tsessionDataPayload.signature,\n\t\t\t);\n\t\t\tif (!isValid) {\n\t\t\t\treturn null;\n\t\t\t}\n\n\t\t\t// Validate version if provided\n\t\t\tif (config?.version && sessionDataPayload.session) {\n\t\t\t\tconst cookieVersion = sessionDataPayload.session.version || \"1\";\n\t\t\t\tlet expectedVersion = \"1\";\n\t\t\t\tif (typeof config.version === \"string\") {\n\t\t\t\t\texpectedVersion = config.version;\n\t\t\t\t} else if (typeof config.version === \"function\") {\n\t\t\t\t\tconst result = config.version(\n\t\t\t\t\t\tsessionDataPayload.session.session,\n\t\t\t\t\t\tsessionDataPayload.session.user,\n\t\t\t\t\t);\n\t\t\t\t\texpectedVersion = isPromise(result) ? await result : result;\n\t\t\t\t}\n\t\t\t\tif (cookieVersion !== expectedVersion) {\n\t\t\t\t\treturn null;\n\t\t\t\t}\n\t\t\t}\n\n\t\t\treturn sessionDataPayload.session;\n\t\t}\n\t}\n\treturn null;\n};\n\nexport * from \"./cookie-utils\";\nexport { createSessionStore, getChunkedCookie } from \"./session-store\";\n"],"mappings":";;;;;;;;;;;;;;;;AAiCA,SAAgB,mBAAmB,SAA4B;CAS9D,MAAM,sBAPL,QAAQ,UAAU,qBAAqB,SACpC,QAAQ,UAAU,mBAClB,QAAQ,UACP,QAAQ,QAAQ,WAAW,WAAW,GACrC,OACA,QACD,gBAC+B,uBAAuB;CAC3D,MAAM,wBACL,CAAC,CAAC,QAAQ,UAAU,uBAAuB;CAC5C,MAAM,SAAS,wBACZ,QAAQ,UAAU,uBAAuB,WACzC,QAAQ,UAAU,IAAI,IAAI,QAAQ,QAAQ,CAAC,WAAW,UACtD;AACH,KAAI,yBAAyB,CAAC,OAC7B,OAAM,IAAI,gBACT,6DACA;CAEF,SAAS,aACR,YACA,qBAA6C,EAAE,EAC9C;EACD,MAAM,SAAS,QAAQ,UAAU,gBAAgB;EACjD,MAAM,OACL,QAAQ,UAAU,UAAU,aAAa,QACzC,GAAG,OAAO,GAAG;EACd,MAAM,aACL,QAAQ,UAAU,UAAU,aAAa,cAAc,EAAE;AAE1D,SAAO;GACN,MAAM,GAAG,qBAAqB;GAC9B,YAAY;IACX,QAAQ,CAAC,CAAC;IACV,UAAU;IACV,MAAM;IACN,UAAU;IACV,GAAI,wBAAwB,EAAE,QAAQ,GAAG,EAAE;IAC3C,GAAG,QAAQ,UAAU;IACrB,GAAG;IACH,GAAG;IACH;GACD;;AAEF,QAAO;;AAGR,SAAgB,WAAW,SAA4B;CACtD,MAAM,eAAe,mBAAmB,QAAQ;CAEhD,MAAM,eAAe,aAAa,iBAAiB,EAClD,QAFqB,QAAQ,SAAS,aAAa,IAAI,KAAK,EAG5D,CAAC;CACF,MAAM,cAAc,aAAa,gBAAgB,EAChD,QAAQ,QAAQ,SAAS,aAAa,UAAU,KAChD,CAAC;CACF,MAAM,cAAc,aAAa,gBAAgB,EAChD,QAAQ,QAAQ,SAAS,aAAa,UAAU,KAChD,CAAC;CACF,MAAM,oBAAoB,aAAa,gBAAgB;AACvD,QAAO;EACN,cAAc;GACb,MAAM,aAAa;GACnB,YAAY,aAAa;GACzB;EAKD,aAAa;GACZ,MAAM,YAAY;GAClB,YAAY,YAAY;GACxB;EACD,mBAAmB;GAClB,MAAM,kBAAkB;GACxB,YAAY,kBAAkB;GAC9B;EACD,aAAa;GACZ,MAAM,YAAY;GAClB,YAAY,YAAY;GACxB;EACD;;AAGF,eAAsB,eACrB,KACA,SAIA,gBACC;AACD,KAAI,CAAC,IAAI,QAAQ,QAAQ,SAAS,aAAa,QAC9C;CAGD,MAAM,kBAAkB,mBACvB,QAAQ,SACR,IAAI,QAAQ,QAAQ,SAAS,iBAC7B;CAED,MAAM,eAAe,gBAAgB,IAAI,QAAQ,SAAS,QAAQ,KAAK;CAEvE,MAAM,gBAAgB,IAAI,QAAQ,QAAQ,SAAS,aAAa;CAChE,IAAI,UAAU;AACd,KAAI,eACH;MAAI,OAAO,kBAAkB,SAC5B,WAAU;WACA,OAAO,kBAAkB,YAAY;GAC/C,MAAM,SAAS,cAAc,QAAQ,SAAS,QAAQ,KAAK;AAC3D,aAAU,UAAU,OAAO,GAAG,MAAM,SAAS;;;CAI/C,MAAM,cAAc;EACnB,SAAS;EACT,MAAM;EACN,WAAW,KAAK,KAAK;EACrB;EACA;CAED,MAAM,UAAU;EACf,GAAG,IAAI,QAAQ,YAAY,YAAY;EACvC,QAAQ,iBACL,SACA,IAAI,QAAQ,YAAY,YAAY,WAAW;EAClD;CAED,MAAM,gBAAgB,QAAQ,QAAQ,UAAU,IAAI,MAAM,CAAC,SAAS;CACpE,MAAM,WACL,IAAI,QAAQ,QAAQ,SAAS,aAAa,YAAY;CAEvD,IAAI;AAEJ,KAAI,aAAa,MAEhB,QAAO,MAAM,mBACZ,aACA,IAAI,QAAQ,QACZ,uBACA,QAAQ,UAAU,IAClB;UACS,aAAa,MAEvB,QAAO,MAAM,QACZ,aACA,IAAI,QAAQ,QACZ,QAAQ,UAAU,IAClB;KAID,QAAO,UAAU,OAChB,KAAK,UAAU;EACd,SAAS;EACT,WAAW;EACX,WAAW,MAAM,WAAW,WAAW,iBAAiB,CAAC,KACxD,IAAI,QAAQ,QACZ,KAAK,UAAU;GACd,GAAG;GACH,WAAW;GACX,CAAC,CACF;EACD,CAAC,EACF,EACC,SAAS,OACT,CACD;AAIF,KAAI,KAAK,SAAS,MAAM;EACvB,MAAM,eAAe,mBACpB,IAAI,QAAQ,YAAY,YAAY,MACpC,SACA,IACA;EACD,MAAM,UAAU,aAAa,MAAM,MAAM,QAAQ;AACjD,eAAa,WAAW,QAAQ;QAC1B;EACN,MAAM,eAAe,mBACpB,IAAI,QAAQ,YAAY,YAAY,MACpC,SACA,IACA;AACD,MAAI,aAAa,WAAW,EAAE;GAC7B,MAAM,eAAe,aAAa,OAAO;AACzC,gBAAa,WAAW,aAAa;;AAEtC,MAAI,UAAU,IAAI,QAAQ,YAAY,YAAY,MAAM,MAAM,QAAQ;;AAIvE,KAAI,IAAI,QAAQ,QAAQ,SAAS,oBAAoB;EACpD,MAAM,cAAc,MAAM,iBAAiB,IAAI;AAC/C,MAAI,YACH,OAAM,iBAAiB,KAAK,YAAY;;;AAK3C,eAAsB,iBACrB,KACA,SAIA,gBACA,WACC;CACD,MAAM,uBAAuB,MAAM,IAAI,gBACtC,IAAI,QAAQ,YAAY,kBAAkB,MAC1C,IAAI,QAAQ,OACZ;AAED,kBACC,mBAAmB,SAAY,iBAAiB,CAAC,CAAC;CAEnD,MAAM,UAAU,IAAI,QAAQ,YAAY,aAAa;CACrD,MAAM,SAAS,iBACZ,SACA,IAAI,QAAQ,cAAc;AAC7B,OAAM,IAAI,gBACT,IAAI,QAAQ,YAAY,aAAa,MACrC,QAAQ,QAAQ,OAChB,IAAI,QAAQ,QACZ;EACC,GAAG;EACH;EACA,GAAG;EACH,CACD;AAED,KAAI,eACH,OAAM,IAAI,gBACT,IAAI,QAAQ,YAAY,kBAAkB,MAC1C,QACA,IAAI,QAAQ,QACZ,IAAI,QAAQ,YAAY,kBAAkB,WAC1C;AAEF,OAAM,eAAe,KAAK,SAAS,eAAe;AAClD,KAAI,QAAQ,cAAc,QAAQ;;;;;AAMnC,SAAgB,aACf,KACA,QACC;AACD,KAAI,UAAU,OAAO,MAAM,IAAI;EAC9B,GAAG,OAAO;EACV,QAAQ;EACR,CAAC;;AAGH,SAAgB,oBACf,KACA,oBACC;AACD,cAAa,KAAK,IAAI,QAAQ,YAAY,aAAa;AACvD,cAAa,KAAK,IAAI,QAAQ,YAAY,YAAY;AAEtD,KAAI,IAAI,QAAQ,QAAQ,SAAS,oBAAoB;AACpD,eAAa,KAAK,IAAI,QAAQ,YAAY,YAAY;EAGtD,MAAM,eAAe,mBACpB,IAAI,QAAQ,YAAY,YAAY,MACpC,IAAI,QAAQ,YAAY,YAAY,YACpC,IACA;EACD,MAAM,eAAe,aAAa,OAAO;AACzC,eAAa,WAAW,aAAa;;AAGtC,KAAI,IAAI,QAAQ,YAAY,uBAAuB,SAClD,cAAa,KAAK,IAAI,QAAQ,iBAAiB,cAAc,CAAC;CAI/D,MAAM,eAAe,mBACpB,IAAI,QAAQ,YAAY,YAAY,MACpC,IAAI,QAAQ,YAAY,YAAY,YACpC,IACA;CACD,MAAM,eAAe,aAAa,OAAO;AACzC,cAAa,WAAW,aAAa;AAErC,KAAI,CAAC,mBACJ,cAAa,KAAK,IAAI,QAAQ,YAAY,kBAAkB;;AAI9D,SAAgB,aAAa,cAAsB;CAClD,MAAM,UAAU,aAAa,MAAM,KAAK;CACxC,MAAM,4BAAY,IAAI,KAAqB;AAE3C,SAAQ,SAAS,WAAW;EAC3B,MAAM,CAAC,MAAM,SAAS,OAAO,MAAM,SAAS;AAC5C,YAAU,IAAI,MAAO,MAAO;GAC3B;AACF,QAAO;;AAKR,MAAa,oBACZ,SACA,WAOI;CAKJ,MAAM,WAHL,mBAAmB,WAAW,EAAE,aAAa,WAC1C,UACA,QAAQ,SACY,IAAI,SAAS;AACrC,KAAI,CAAC,QACJ,QAAO;CAER,MAAM,EAAE,aAAa,iBAAiB,eAAe,kBACpD,UAAU,EAAE;CACb,MAAM,eAAe,aAAa,QAAQ;CAC1C,MAAM,aAAa,SAClB,aAAa,IAAI,KAAK,IACtB,aAAa,IAAI,GAAG,uBAAuB,OAAO;CAEnD,MAAM,eACL,UAAU,GAAG,aAAa,GAAG,aAAa,IAC1C,UAAU,GAAG,aAAa,GAAG,aAAa;AAC3C,KAAI,aACH,QAAO;AAGR,QAAO;;AAGR,MAAa,iBAAiB,OAQ7B,SACA,WAmBI;CAKJ,MAAM,WAHL,mBAAmB,WAAW,EAAE,aAAa,WAC1C,UACA,QAAQ,SACY,IAAI,SAAS;AACrC,KAAI,CAAC,QACJ,QAAO;CAER,MAAM,EAAE,aAAa,gBAAgB,eAAe,kBACnD,UAAU,EAAE;CACb,MAAM,OACL,QAAQ,aAAa,SAClB,OAAO,WACN,GAAG,uBAAuB,aAAa,GAAG,eAC1C,GAAG,aAAa,GAAG,eACpB,eACC,GAAG,uBAAuB,aAAa,GAAG,eAC1C,GAAG,aAAa,GAAG;CACxB,MAAM,eAAe,aAAa,QAAQ;CAG1C,IAAI,cAAc,aAAa,IAAI,KAAK;AACxC,KAAI,CAAC,aAAa;EAEjB,MAAM,SAAkD,EAAE;AAC1D,OAAK,MAAM,CAAC,YAAY,UAAU,aAAa,SAAS,CACvD,KAAI,WAAW,WAAW,OAAO,IAAI,EAAE;GACtC,MAAM,QAAQ,WAAW,MAAM,IAAI;GACnC,MAAM,WAAW,MAAM,MAAM,SAAS;GACtC,MAAM,QAAQ,SAAS,YAAY,KAAK,GAAG;AAC3C,OAAI,CAAC,MAAM,MAAM,CAChB,QAAO,KAAK;IAAE;IAAO;IAAO,CAAC;;AAKhC,MAAI,OAAO,SAAS,GAAG;AAEtB,UAAO,MAAM,GAAG,MAAM,EAAE,QAAQ,EAAE,MAAM;AACxC,iBAAc,OAAO,KAAK,MAAM,EAAE,MAAM,CAAC,KAAK,GAAG;;;AAInD,KAAI,aAAa;EAChB,MAAM,SAAS,QAAQ,UAAU,IAAI;AACrC,MAAI,CAAC,OACJ,OAAM,IAAI,gBACT,kIACA;EAGF,MAAM,WAAW,QAAQ,YAAY;AAErC,MAAI,aAAa,OAAO;GAEvB,MAAM,UAAU,MAAM,mBACrB,aACA,QACA,sBACA;AAED,OAAI,WAAW,QAAQ,WAAW,QAAQ,MAAM;AAE/C,QAAI,QAAQ,SAAS;KACpB,MAAM,gBAAgB,QAAQ,WAAW;KACzC,IAAI,kBAAkB;AACtB,SAAI,OAAO,OAAO,YAAY,SAC7B,mBAAkB,OAAO;cACf,OAAO,OAAO,YAAY,YAAY;MAChD,MAAM,SAAS,OAAO,QAAQ,QAAQ,SAAS,QAAQ,KAAK;AAC5D,wBAAkB,UAAU,OAAO,GAAG,MAAM,SAAS;;AAEtD,SAAI,kBAAkB,gBACrB,QAAO;;AAGT,WAAO;;AAER,UAAO;aACG,aAAa,OAAO;GAE9B,MAAM,UAAU,MAAM,UAAa,aAAa,OAAO;AAEvD,OAAI,WAAW,QAAQ,WAAW,QAAQ,MAAM;AAE/C,QAAI,QAAQ,SAAS;KACpB,MAAM,gBAAgB,QAAQ,WAAW;KACzC,IAAI,kBAAkB;AACtB,SAAI,OAAO,OAAO,YAAY,SAC7B,mBAAkB,OAAO;cACf,OAAO,OAAO,YAAY,YAAY;MAChD,MAAM,SAAS,OAAO,QAAQ,QAAQ,SAAS,QAAQ,KAAK;AAC5D,wBAAkB,UAAU,OAAO,GAAG,MAAM,SAAS;;AAEtD,SAAI,kBAAkB,gBACrB,QAAO;;AAGT,WAAO;;AAER,UAAO;SACD;GAEN,MAAM,qBAAqB,cAIxB,OAAO,OAAO,UAAU,OAAO,YAAY,CAAC,CAAC;AAChD,OAAI,CAAC,mBACJ,QAAO;AAUR,OAAI,CARY,MAAM,WAAW,WAAW,iBAAiB,CAAC,OAC7D,QACA,KAAK,UAAU;IACd,GAAG,mBAAmB;IACtB,WAAW,mBAAmB;IAC9B,CAAC,EACF,mBAAmB,UACnB,CAEA,QAAO;AAIR,OAAI,QAAQ,WAAW,mBAAmB,SAAS;IAClD,MAAM,gBAAgB,mBAAmB,QAAQ,WAAW;IAC5D,IAAI,kBAAkB;AACtB,QAAI,OAAO,OAAO,YAAY,SAC7B,mBAAkB,OAAO;aACf,OAAO,OAAO,YAAY,YAAY;KAChD,MAAM,SAAS,OAAO,QACrB,mBAAmB,QAAQ,SAC3B,mBAAmB,QAAQ,KAC3B;AACD,uBAAkB,UAAU,OAAO,GAAG,MAAM,SAAS;;AAEtD,QAAI,kBAAkB,gBACrB,QAAO;;AAIT,UAAO,mBAAmB;;;AAG5B,QAAO"}

package/dist/cookies/session-store.d.mts

@@ -0,0 +1,36 @@
+import { GenericEndpointContext } from "@better-auth/core";
+import { CookieOptions } from "better-call";
+import "zod";
+
+//#region src/cookies/session-store.d.ts
+interface Cookie {
+  name: string;
+  value: string;
+  attributes: CookieOptions;
+}
+declare const createSessionStore: (cookieName: string, cookieOptions: CookieOptions, ctx: GenericEndpointContext) => {
+  /**
+   * Get the full session data by joining all chunks
+   */
+  getValue(): string;
+  /**
+   * Check if there are existing chunks
+   */
+  hasChunks(): boolean;
+  /**
+   * Chunk a cookie value and return all cookies to set (including cleanup cookies)
+   */
+  chunk(value: string, options?: Partial<CookieOptions>): Cookie[];
+  /**
+   * Get cookies to clean up all chunks
+   */
+  clean(): Cookie[];
+  /**
+   * Set all cookies in the context
+   */
+  setCookies(cookies: Cookie[]): void;
+};
+declare function getChunkedCookie(ctx: GenericEndpointContext, cookieName: string): string | null;
+//#endregion
+export { createSessionStore, getChunkedCookie };
+//# sourceMappingURL=session-store.d.mts.map