better-auth 1.6.16 → 1.6.18

package/dist/client/session-atom.mjs

@@ -1,21 +1,146 @@
-import { useAuthQuery } from "./query.mjs";
+import { isJsonEqual, withEquality } from "./equality.mjs";
 import { createSessionRefreshManager } from "./session-refresh.mjs";
 import { atom, onMount } from "nanostores";
 //#region src/client/session-atom.ts
+const isServer = () => typeof window === "undefined";
+/**
+* Normalize $fetch response: `throw: true` returns data directly,
+* otherwise `{ data, error }`.
+*/
+function normalizeSessionResponse(res) {
+	if (typeof res === "object" && res !== null && "data" in res && "error" in res) return res;
+	return {
+		data: res,
+		error: null
+	};
+}
+function normalizeSessionData(data) {
+	if (!data) return null;
+	if (data.session === null && data.user === null) return null;
+	return data;
+}
+function isSessionAtomEqual(a, b) {
+	return isJsonEqual(a.data, b.data) && a.error === b.error && a.isPending === b.isPending && a.isRefetching === b.isRefetching && a.refetch === b.refetch;
+}
 function getSessionAtom($fetch, options) {
 	const $signal = atom(false);
-	const session = useAuthQuery($signal, "/get-session", $fetch, { method: "GET" });
+	let abortController;
+	const refetch = (queryParams) => fetchSession(queryParams);
+	const session = atom({
+		data: null,
+		error: null,
+		isPending: true,
+		isRefetching: false,
+		refetch
+	});
+	withEquality(session, isSessionAtomEqual);
+	const settleAbortedFetch = (controller) => {
+		if (abortController !== controller) return;
+		const current = session.get();
+		abortController = void 0;
+		if (!current.isPending && !current.isRefetching) return;
+		session.set({
+			...current,
+			isPending: false,
+			isRefetching: false,
+			refetch
+		});
+	};
+	const fetchSession = async (queryParams) => {
+		abortController?.abort();
+		const controller = new AbortController();
+		abortController = controller;
+		const current = session.get();
+		session.set({
+			...current,
+			isPending: current.data === null,
+			isRefetching: true,
+			error: null,
+			refetch
+		});
+		try {
+			const res = await $fetch("/get-session", {
+				method: "GET",
+				query: queryParams?.query,
+				signal: controller.signal
+			});
+			if (controller.signal.aborted) {
+				settleAbortedFetch(controller);
+				return;
+			}
+			let { data, error } = normalizeSessionResponse(res);
+			if (data?.needsRefresh) try {
+				const refreshRes = await $fetch("/get-session", {
+					method: "POST",
+					signal: controller.signal
+				});
+				if (controller.signal.aborted) {
+					settleAbortedFetch(controller);
+					return;
+				}
+				({data, error} = normalizeSessionResponse(refreshRes));
+			} catch {
+				if (controller.signal.aborted) {
+					settleAbortedFetch(controller);
+					return;
+				}
+			}
+			if (error) {
+				const latest = session.get();
+				const isUnauthorized = error?.status === 401;
+				session.set({
+					data: isUnauthorized ? null : latest.data,
+					error,
+					isPending: false,
+					isRefetching: false,
+					refetch
+				});
+				return;
+			}
+			const sessionData = normalizeSessionData(data);
+			const current = session.get();
+			const stableData = current.data != null && sessionData != null && isJsonEqual(current.data, sessionData) ? current.data : sessionData;
+			session.set({
+				data: stableData,
+				error: null,
+				isPending: false,
+				isRefetching: false,
+				refetch
+			});
+		} catch (fetchError) {
+			if (controller.signal.aborted) {
+				settleAbortedFetch(controller);
+				return;
+			}
+			const latest = session.get();
+			session.set({
+				data: latest.data,
+				error: fetchError,
+				isPending: false,
+				isRefetching: false,
+				refetch
+			});
+		}
+	};
 	let broadcastSessionUpdate = () => {};
 	onMount(session, () => {
+		let timeoutId;
+		if (!isServer()) timeoutId = setTimeout(() => {
+			fetchSession();
+		}, 0);
 		const refreshManager = createSessionRefreshManager({
-			sessionAtom: session,
+			fetchSession,
+			shouldPollSession: () => session.get().data != null,
 			sessionSignal: $signal,
-			$fetch,
 			options
 		});
 		refreshManager.init();
 		broadcastSessionUpdate = refreshManager.broadcastSessionUpdate;
 		return () => {
+			if (timeoutId) clearTimeout(timeoutId);
+			const controller = abortController;
+			controller?.abort();
+			if (controller) settleAbortedFetch(controller);
 			refreshManager.cleanup();
 		};
 	});

package/dist/client/session-refresh.d.mts

@@ -1,28 +1,13 @@
-import { Session, User } from "../types/models.mjs";
-import { AuthQueryAtom } from "./query.mjs";
 import { BetterAuthClientOptions } from "@better-auth/core";
 import { WritableAtom } from "nanostores";
-import { BetterFetch } from "@better-fetch/fetch";
 
 //#region src/client/session-refresh.d.ts
 interface SessionRefreshOptions {
-  sessionAtom: AuthQueryAtom<{
-    user: User;
-    session: Session;
-  } & Record<string, any>>;
+  fetchSession: () => Promise<void>;
+  shouldPollSession?: () => boolean;
   sessionSignal: WritableAtom<boolean>;
-  $fetch: BetterFetch;
   options?: BetterAuthClientOptions | undefined;
 }
-type SessionResponse = ({
-  session: null;
-  user: null;
-  needsRefresh?: boolean;
-} | {
-  session: Session;
-  user: User;
-  needsRefresh?: boolean;
-}) & Record<string, any>;
 declare function createSessionRefreshManager(opts: SessionRefreshOptions): {
   init: () => void;
   cleanup: () => void;
@@ -32,4 +17,4 @@ declare function createSessionRefreshManager(opts: SessionRefreshOptions): {
   broadcastSessionUpdate: (trigger: "signout" | "getSession" | "updateUser") => void;
 };
 //#endregion
-export { SessionRefreshOptions, SessionResponse, createSessionRefreshManager };
+export { SessionRefreshOptions, createSessionRefreshManager };

package/dist/client/session-refresh.mjs

@@ -4,28 +4,17 @@ import { getGlobalOnlineManager } from "./online-manager.mjs";
 //#region src/client/session-refresh.ts
 const now = () => Math.floor(Date.now() / 1e3);
 /**
-* Normalize $fetch response: `throw: true` returns data directly, otherwise `{ data, error }`.
-*/
-function normalizeSessionResponse(res) {
-	if (typeof res === "object" && res !== null && "data" in res && "error" in res) return res;
-	return {
-		data: res,
-		error: null
-	};
-}
-/**
 * Rate limit: don't refetch on focus if a session request was made within this many seconds
 */
 const FOCUS_REFETCH_RATE_LIMIT_SECONDS = 5;
 function createSessionRefreshManager(opts) {
-	const { sessionAtom, sessionSignal, $fetch, options = {} } = opts;
+	const { fetchSession, shouldPollSession = () => true, sessionSignal, options = {} } = opts;
 	const refetchInterval = options.sessionOptions?.refetchInterval ?? 0;
 	const refetchOnWindowFocus = options.sessionOptions?.refetchOnWindowFocus ?? true;
 	const refetchWhenOffline = options.sessionOptions?.refetchWhenOffline ?? false;
 	const state = {
-		lastSync: 0,
-		lastSessionRequest: 0,
-		cachedSession: void 0
+		isInitialized: false,
+		lastSessionRequest: 0
 	};
 	const shouldRefetch = () => {
 		return refetchWhenOffline || getGlobalOnlineManager().isOnline;
@@ -33,45 +22,21 @@ function createSessionRefreshManager(opts) {
 	const triggerRefetch = (event) => {
 		if (!shouldRefetch()) return;
 		if (event?.event === "storage") {
-			state.lastSync = now();
-			sessionSignal.set(!sessionSignal.get());
+			fetchSession();
 			return;
 		}
-		const currentSession = sessionAtom.get();
-		const fetchSessionWithRefresh = () => {
-			state.lastSessionRequest = now();
-			$fetch("/get-session").then(async (res) => {
-				let { data, error } = normalizeSessionResponse(res);
-				if (data?.needsRefresh) try {
-					const refreshRes = await $fetch("/get-session", { method: "POST" });
-					({data, error} = normalizeSessionResponse(refreshRes));
-				} catch {}
-				const sessionData = data?.session && data?.user ? data : null;
-				sessionAtom.set({
-					...currentSession,
-					data: sessionData,
-					error
-				});
-				state.lastSync = now();
-				sessionSignal.set(!sessionSignal.get());
-			}).catch(() => {});
-		};
 		if (event?.event === "poll") {
-			fetchSessionWithRefresh();
+			state.lastSessionRequest = now();
+			fetchSession();
 			return;
 		}
 		if (event?.event === "visibilitychange") {
 			if (now() - state.lastSessionRequest < FOCUS_REFETCH_RATE_LIMIT_SECONDS) return;
 			state.lastSessionRequest = now();
-		}
-		if (event?.event === "visibilitychange") {
-			fetchSessionWithRefresh();
+			fetchSession();
 			return;
 		}
-		if (currentSession?.data === null || currentSession?.data === void 0) {
-			state.lastSync = now();
-			sessionSignal.set(!sessionSignal.get());
-		}
+		fetchSession();
 	};
 	const broadcastSessionUpdate = (trigger) => {
 		getGlobalBroadcastChannel().post({
@@ -82,7 +47,7 @@ function createSessionRefreshManager(opts) {
 	};
 	const setupPolling = () => {
 		if (refetchInterval && refetchInterval > 0) state.pollInterval = setInterval(() => {
-			if (sessionAtom.get()?.data) triggerRefetch({ event: "poll" });
+			if (shouldPollSession()) triggerRefetch({ event: "poll" });
 		}, refetchInterval * 1e3);
 	};
 	const setupBroadcast = () => {
@@ -101,16 +66,25 @@ function createSessionRefreshManager(opts) {
 			if (online) triggerRefetch({ event: "visibilitychange" });
 		});
 	};
+	const setupSignalSubscription = () => {
+		state.unsubscribeSignal = sessionSignal.listen(() => {
+			fetchSession();
+		});
+	};
 	const init = () => {
+		if (state.isInitialized) return;
+		state.isInitialized = true;
 		setupPolling();
 		setupBroadcast();
 		setupFocusRefetch();
 		setupOnlineRefetch();
-		getGlobalBroadcastChannel().setup();
-		getGlobalFocusManager().setup();
-		getGlobalOnlineManager().setup();
+		setupSignalSubscription();
+		state.cleanupBroadcastSetup = getGlobalBroadcastChannel().setup();
+		state.cleanupFocusSetup = getGlobalFocusManager().setup();
+		state.cleanupOnlineSetup = getGlobalOnlineManager().setup();
 	};
 	const cleanup = () => {
+		if (!state.isInitialized) return;
 		if (state.pollInterval) {
 			clearInterval(state.pollInterval);
 			state.pollInterval = void 0;
@@ -127,9 +101,24 @@ function createSessionRefreshManager(opts) {
 			state.unsubscribeOnline();
 			state.unsubscribeOnline = void 0;
 		}
-		state.lastSync = 0;
+		if (state.unsubscribeSignal) {
+			state.unsubscribeSignal();
+			state.unsubscribeSignal = void 0;
+		}
+		if (state.cleanupBroadcastSetup) {
+			state.cleanupBroadcastSetup();
+			state.cleanupBroadcastSetup = void 0;
+		}
+		if (state.cleanupFocusSetup) {
+			state.cleanupFocusSetup();
+			state.cleanupFocusSetup = void 0;
+		}
+		if (state.cleanupOnlineSetup) {
+			state.cleanupOnlineSetup();
+			state.cleanupOnlineSetup = void 0;
+		}
+		state.isInitialized = false;
 		state.lastSessionRequest = 0;
-		state.cachedSession = void 0;
 	};
 	return {
 		init,

package/dist/client/solid/index.d.mts

@@ -1,6 +1,6 @@
 import { ExtractPluginField, HasRequiredKeys, InferPluginFieldFromTuple, IsAny, OverrideMerge, Prettify, PrettifyDeep, RequiredKeysOf, StripEmptyObjects, UnionToIntersection } from "../../types/helper.mjs";
 import { InferActions, InferClientAPI, InferErrorCodes, IsSignal, SessionQueryParams } from "../types.mjs";
-import { BetterAuthClientOptions, BetterAuthClientPlugin } from "@better-auth/core";
+import { BetterAuthClientOptions } from "@better-auth/core";
 import { BASE_ERROR_CODES } from "@better-auth/core/error";
 import * as _better_fetch_fetch0 from "@better-fetch/fetch";
 import { BetterFetchError } from "@better-fetch/fetch";
@@ -11,7 +11,9 @@ export * from "@better-fetch/fetch";
 //#region src/client/solid/index.d.ts
 type InferResolvedHooks<O extends BetterAuthClientOptions> = O extends {
   plugins: Array<infer Plugin>;
-} ? UnionToIntersection<Plugin extends BetterAuthClientPlugin ? Plugin["getAtoms"] extends ((fetch: any) => infer Atoms) ? Atoms extends Record<string, any> ? { [key in keyof Atoms as IsSignal<key> extends true ? never : key extends string ? `use${Capitalize<key>}` : never]: () => Accessor<ReturnType<Atoms[key]["get"]>> } : {} : {} : {}> : {};
+} ? UnionToIntersection<Plugin extends {
+  getAtoms?: infer GetAtoms;
+} ? GetAtoms extends ((fetch: any) => infer Atoms) ? Atoms extends Record<string, any> ? { [key in keyof Atoms as IsSignal<key> extends true ? never : key extends string ? `use${Capitalize<key>}` : never]: () => Accessor<ReturnType<Atoms[key]["get"]>> } : {} : {} : {}> : {};
 declare function createAuthClient<Option extends BetterAuthClientOptions>(options?: Option | undefined): UnionToIntersection<InferResolvedHooks<Option>> & InferClientAPI<Option> & InferActions<Option> & {
   useSession: () => Accessor<{
     data: InferClientAPI<Option> extends {

package/dist/client/svelte/index.d.mts

@@ -1,6 +1,6 @@
 import { ExtractPluginField, HasRequiredKeys, InferPluginFieldFromTuple, IsAny, OverrideMerge, Prettify, PrettifyDeep, RequiredKeysOf, StripEmptyObjects, UnionToIntersection } from "../../types/helper.mjs";
 import { InferActions, InferClientAPI, InferErrorCodes, IsSignal, SessionQueryParams } from "../types.mjs";
-import { BetterAuthClientOptions, BetterAuthClientPlugin } from "@better-auth/core";
+import { BetterAuthClientOptions } from "@better-auth/core";
 import { BASE_ERROR_CODES } from "@better-auth/core/error";
 import * as nanostores from "nanostores";
 import { Atom } from "nanostores";
@@ -12,7 +12,9 @@ export * from "@better-fetch/fetch";
 //#region src/client/svelte/index.d.ts
 type InferResolvedHooks<O extends BetterAuthClientOptions> = O extends {
   plugins: Array<infer Plugin>;
-} ? UnionToIntersection<Plugin extends BetterAuthClientPlugin ? Plugin["getAtoms"] extends ((fetch: any) => infer Atoms) ? Atoms extends Record<string, any> ? { [key in keyof Atoms as IsSignal<key> extends true ? never : key extends string ? `use${Capitalize<key>}` : never]: () => Atoms[key] } : {} : {} : {}> : {};
+} ? UnionToIntersection<Plugin extends {
+  getAtoms?: infer GetAtoms;
+} ? GetAtoms extends ((fetch: any) => infer Atoms) ? Atoms extends Record<string, any> ? { [key in keyof Atoms as IsSignal<key> extends true ? never : key extends string ? `use${Capitalize<key>}` : never]: () => Atoms[key] } : {} : {} : {}> : {};
 declare function createAuthClient<Option extends BetterAuthClientOptions>(options?: Option | undefined): UnionToIntersection<InferResolvedHooks<Option>> & InferClientAPI<Option> & InferActions<Option> & {
   useSession: () => Atom<{
     data: InferClientAPI<Option> extends {

package/dist/client/types.d.mts

@@ -3,25 +3,32 @@ import { StripEmptyObjects, UnionToIntersection } from "../types/helper.mjs";
 import { InferRoutes } from "./path-to-object.mjs";
 import { Session as Session$1, User as User$1 } from "../types/models.mjs";
 import { Auth } from "../types/auth.mjs";
-import { BetterAuthClientOptions as BetterAuthClientOptions$1, BetterAuthClientPlugin as BetterAuthClientPlugin$1, ClientAtomListener, ClientStore } from "@better-auth/core";
-import { BetterAuthPluginDBSchema, InferDBFieldsOutput } from "@better-auth/core/db";
-import { RawError } from "@better-auth/core/utils/error-codes";
+import { BetterAuthClientOptions as BetterAuthClientOptions$1, BetterAuthClientPlugin, ClientAtomListener, ClientStore as ClientStore$1 } from "@better-auth/core";
+import { DBFieldAttribute, InferDBFieldsOutput } from "@better-auth/core/db";
 
 //#region src/client/types.d.ts
+type ClientPluginError<K extends string = string> = {
+  readonly code: K;
+  message: string;
+};
 type InferPluginEndpoints<Plugins> = Plugins extends Array<infer Pl> ? UnionToIntersection<Pl extends {
-  $InferServerPlugin: infer Plug;
+  $InferServerPlugin?: infer Plug;
 } ? Plug extends {
-  endpoints: infer Endpoints;
-} ? Endpoints : {} : {}> : {};
+  endpoints?: infer Endpoints;
+} ? Endpoints extends Record<string, unknown> ? Endpoints : {} : {} : {}> : {};
 type InferClientAPI<O extends BetterAuthClientOptions$1> = InferRoutes<O["plugins"] extends Array<any> ? Omit<Auth["api"], keyof InferPluginEndpoints<O["plugins"]>> & InferPluginEndpoints<O["plugins"]> : Auth["api"], O>;
-type InferActions<O extends BetterAuthClientOptions$1> = (O["plugins"] extends Array<infer Plugin> ? UnionToIntersection<Plugin extends BetterAuthClientPlugin$1 ? Plugin["getActions"] extends ((...args: any) => infer Actions) ? Actions : {} : {}> : {}) & InferRoutes<O["$InferAuth"] extends {
+type InferActions<O extends BetterAuthClientOptions$1> = (O["plugins"] extends Array<infer Plugin> ? UnionToIntersection<Plugin extends {
+  getActions?: infer GetActions;
+} ? GetActions extends ((...args: any) => infer Actions) ? Actions : {} : {}> : {}) & InferRoutes<O["$InferAuth"] extends {
   plugins: infer Plugins;
 } ? Plugins extends Array<infer Plugin> ? Plugin extends {
-  endpoints: infer Endpoints;
-} ? Endpoints : {} : {} : {}, O>;
-type InferErrorCodes<O extends BetterAuthClientOptions$1> = O["plugins"] extends Array<infer Plugin> ? UnionToIntersection<Plugin extends BetterAuthClientPlugin$1 ? Plugin["$InferServerPlugin"] extends {
-  $ERROR_CODES: infer E;
-} ? { [K in keyof E & string]: E[K] extends RawError ? RawError<K> : never } : {} : {}> : {};
+  endpoints?: infer Endpoints;
+} ? Endpoints extends Record<string, unknown> ? Endpoints : {} : {} : {} : {}, O>;
+type InferErrorCodes<O extends BetterAuthClientOptions$1> = O["plugins"] extends Array<infer Plugin> ? UnionToIntersection<Plugin extends {
+  $InferServerPlugin?: infer ServerPlugin;
+} ? ServerPlugin extends {
+  $ERROR_CODES?: infer E;
+} ? { [K in keyof E & string]: E[K] extends ClientPluginError ? ClientPluginError<K> : never } : {} : {}> : {};
 /**
  * signals are just used to recall a computed value.
  * as a convention they start with "$"
@@ -29,12 +36,16 @@ type InferErrorCodes<O extends BetterAuthClientOptions$1> = O["plugins"] extends
 type IsSignal<T> = T extends `$${infer _}` ? true : false;
 type InferSessionFromClient<O extends BetterAuthClientOptions$1> = StripEmptyObjects<Session$1 & UnionToIntersection<InferAdditionalFromClient<O, "session", "output">>>;
 type InferUserFromClient<O extends BetterAuthClientOptions$1> = StripEmptyObjects<User$1 & UnionToIntersection<InferAdditionalFromClient<O, "user", "output">>>;
-type InferAdditionalFromClient<Options extends BetterAuthClientOptions$1, Key extends string, Format extends "input" | "output" = "output"> = Options["plugins"] extends Array<infer Plugin> ? Plugin extends BetterAuthClientPlugin$1 ? Plugin["$InferServerPlugin"] extends {
-  schema: infer Schema;
-} ? Schema extends BetterAuthPluginDBSchema ? Format extends "input" ? InferFieldsInputClient<Schema[Key]["fields"]> : InferDBFieldsOutput<Schema[Key]["fields"]> : {} : {} : {} : {};
+type InferAdditionalFromClient<Options extends BetterAuthClientOptions$1, Key extends string, Format extends "input" | "output" = "output"> = Options["plugins"] extends Array<infer Plugin> ? Plugin extends {
+  $InferServerPlugin?: infer ServerPlugin;
+} ? ServerPlugin extends {
+  schema?: infer Schema;
+} ? Schema extends Record<Key, {
+  fields: infer Fields;
+}> ? Fields extends Record<string, DBFieldAttribute> ? Format extends "input" ? InferFieldsInputClient<Fields> : InferDBFieldsOutput<Fields> : {} : {} : {} : {} : {};
 type SessionQueryParams = {
   disableCookieCache?: boolean | undefined;
   disableRefresh?: boolean | undefined;
 };
 //#endregion
-export { type BetterAuthClientOptions$1 as BetterAuthClientOptions, type BetterAuthClientPlugin$1 as BetterAuthClientPlugin, type ClientAtomListener, type ClientStore, InferActions, InferAdditionalFromClient, InferClientAPI, InferErrorCodes, InferSessionFromClient, InferUserFromClient, IsSignal, SessionQueryParams };
+export { type BetterAuthClientOptions$1 as BetterAuthClientOptions, type BetterAuthClientPlugin, type ClientAtomListener, type ClientStore$1 as ClientStore, InferActions, InferAdditionalFromClient, InferClientAPI, InferErrorCodes, InferSessionFromClient, InferUserFromClient, IsSignal, SessionQueryParams };

package/dist/client/vanilla.d.mts

@@ -1,6 +1,6 @@
 import { PrettifyDeep, UnionToIntersection } from "../types/helper.mjs";
 import { InferActions, InferClientAPI, InferErrorCodes, IsSignal, SessionQueryParams } from "./types.mjs";
-import { BetterAuthClientOptions, BetterAuthClientPlugin } from "@better-auth/core";
+import { BetterAuthClientOptions } from "@better-auth/core";
 import { BASE_ERROR_CODES } from "@better-auth/core/error";
 import * as nanostores from "nanostores";
 import { Atom } from "nanostores";
@@ -10,7 +10,9 @@ import { BetterFetchError } from "@better-fetch/fetch";
 //#region src/client/vanilla.d.ts
 type InferResolvedHooks<O extends BetterAuthClientOptions> = O extends {
   plugins: Array<infer Plugin>;
-} ? UnionToIntersection<Plugin extends BetterAuthClientPlugin ? Plugin["getAtoms"] extends ((fetch: any) => infer Atoms) ? Atoms extends Record<string, any> ? { [key in keyof Atoms as IsSignal<key> extends true ? never : key extends string ? `use${Capitalize<key>}` : never]: Atoms[key] } : {} : {} : {}> : {};
+} ? UnionToIntersection<Plugin extends {
+  getAtoms?: infer GetAtoms;
+} ? GetAtoms extends ((fetch: any) => infer Atoms) ? Atoms extends Record<string, any> ? { [key in keyof Atoms as IsSignal<key> extends true ? never : key extends string ? `use${Capitalize<key>}` : never]: Atoms[key] } : {} : {} : {}> : {};
 declare function createAuthClient<Option extends BetterAuthClientOptions>(options?: Option | undefined): UnionToIntersection<InferResolvedHooks<Option>> & InferClientAPI<Option> & InferActions<Option> & {
   useSession: Atom<{
     data: InferClientAPI<Option> extends {

package/dist/client/vue/index.d.mts

@@ -1,6 +1,6 @@
 import { ExtractPluginField, HasRequiredKeys, InferPluginFieldFromTuple, IsAny, OverrideMerge, Prettify, PrettifyDeep, RequiredKeysOf, StripEmptyObjects, UnionToIntersection } from "../../types/helper.mjs";
 import { InferActions, InferClientAPI, InferErrorCodes, IsSignal, SessionQueryParams } from "../types.mjs";
-import { BetterAuthClientOptions, BetterAuthClientPlugin } from "@better-auth/core";
+import { BetterAuthClientOptions } from "@better-auth/core";
 import { BASE_ERROR_CODES } from "@better-auth/core/error";
 import * as nanostores from "nanostores";
 import * as _better_fetch_fetch0 from "@better-fetch/fetch";
@@ -12,7 +12,9 @@ export * from "@better-fetch/fetch";
 //#region src/client/vue/index.d.ts
 type InferResolvedHooks<O extends BetterAuthClientOptions> = O extends {
   plugins: Array<infer Plugin>;
-} ? UnionToIntersection<Plugin extends BetterAuthClientPlugin ? Plugin["getAtoms"] extends ((fetch: any) => infer Atoms) ? Atoms extends Record<string, any> ? { [key in keyof Atoms as IsSignal<key> extends true ? never : key extends string ? `use${Capitalize<key>}` : never]: () => DeepReadonly<Ref<ReturnType<Atoms[key]["get"]>>> } : {} : {} : {}> : {};
+} ? UnionToIntersection<Plugin extends {
+  getAtoms?: infer GetAtoms;
+} ? GetAtoms extends ((fetch: any) => infer Atoms) ? Atoms extends Record<string, any> ? { [key in keyof Atoms as IsSignal<key> extends true ? never : key extends string ? `use${Capitalize<key>}` : never]: () => DeepReadonly<Ref<ReturnType<Atoms[key]["get"]>>> } : {} : {} : {}> : {};
 declare function createAuthClient<Option extends BetterAuthClientOptions>(options?: Option | undefined): UnionToIntersection<InferResolvedHooks<Option>> & InferClientAPI<Option> & InferActions<Option> & {
   useSession: {
     (): DeepReadonly<Ref<{

package/dist/context/create-context.mjs

@@ -1,5 +1,6 @@
 import { getBaseURL, isDynamicBaseURLConfig } from "../utils/url.mjs";
 import { matchesOriginPattern } from "../auth/trusted-origins.mjs";
+import { hasServerSessionStore } from "./store-capabilities.mjs";
 import { isPromise } from "../utils/is-promise.mjs";
 import { hashPassword, verifyPassword } from "../crypto/password.mjs";
 import { createCookieGetter, getCookies } from "../cookies/index.mjs";
@@ -42,7 +43,7 @@ function validateSecret(secret, logger) {
 	if (estimateEntropy(secret) < 120) logger.warn("[better-auth] Warning: your BETTER_AUTH_SECRET appears low-entropy. Use a randomly generated secret for production.");
 }
 async function createAuthContext(adapter, options, getDatabaseType) {
-	const isStateful = !!options.database || !!options.secondaryStorage;
+	const isStateful = hasServerSessionStore(options);
 	if (!isStateful) options = defu$1(options, { session: { cookieCache: {
 		enabled: true,
 		strategy: "jwe",

package/dist/context/store-capabilities.mjs

@@ -0,0 +1,12 @@
+//#region src/context/store-capabilities.ts
+function hasServerSessionStore(options) {
+	return !!options.database || !!options.secondaryStorage;
+}
+function hasServerAccountStore(options) {
+	return !!options.database;
+}
+function shouldBindAccountCookieToSessionUser(options) {
+	return hasServerAccountStore(options);
+}
+//#endregion
+export { hasServerSessionStore, shouldBindAccountCookieToSessionUser };

package/dist/cookies/index.mjs

@@ -1,4 +1,5 @@
 import { isDynamicBaseURLConfig } from "../utils/url.mjs";
+import { shouldBindAccountCookieToSessionUser } from "../context/store-capabilities.mjs";
 import { signJWT, symmetricDecodeJWT, symmetricEncodeJWT, verifyJWT } from "../crypto/jwt.mjs";
 import { parseUserOutput } from "../db/schema.mjs";
 import { getDate } from "../utils/date.mjs";
@@ -114,9 +115,9 @@ async function setCookieCache(ctx, session, dontRememberMe) {
 		}
 		ctx.setCookie(ctx.context.authCookies.sessionData.name, data, options);
 	}
-	if (ctx.context.options.account?.storeAccountCookie) {
+	if (ctx.context.options.account?.storeAccountCookie && !hasPendingSetCookie(ctx, ctx.context.authCookies.accountData.name)) {
 		const accountData = await getAccountCookie(ctx);
-		if (accountData) if (accountData.userId === session.user.id) await setAccountCookie(ctx, accountData);
+		if (accountData) if (!shouldBindAccountCookieToSessionUser(ctx.context.options) || accountData.userId === session.user.id) await setAccountCookie(ctx, accountData);
 		else {
 			expireCookie(ctx, ctx.context.authCookies.accountData);
 			const accountStore = createAccountStore(ctx.context.authCookies.accountData.name, ctx.context.authCookies.accountData.attributes, ctx);
@@ -175,6 +176,20 @@ function removeSetCookieEntries(ctx, cookieName) {
 	}
 }
 /**
+* Whether the response already has a pending `Set-Cookie` for `cookieName`
+* or a chunked variant.
+*/
+function hasPendingSetCookie(ctx, cookieName) {
+	const scoped = ctx;
+	const targets = /* @__PURE__ */ new Set();
+	if (scoped.responseHeaders) targets.add(scoped.responseHeaders);
+	if (scoped.context?.responseHeaders) targets.add(scoped.context.responseHeaders);
+	const exact = `${cookieName}=`;
+	const chunk = `${cookieName}.`;
+	for (const headers of targets) if ((typeof headers.getSetCookie === "function" ? headers.getSetCookie() : splitSetCookieHeader(headers.get("set-cookie") || "")).some((entry) => entry.startsWith(exact) || entry.startsWith(chunk))) return true;
+	return false;
+}
+/**
 * Expires a cookie by setting `maxAge: 0` while preserving its attributes
 */
 function expireCookie(ctx, cookie) {
@@ -236,6 +251,10 @@ const getCookieCache = async (request, config) => {
 		const secret = config?.secret || env.BETTER_AUTH_SECRET;
 		if (!secret) throw new BetterAuthError("getCookieCache requires a secret to be provided. Either pass it as an option or set the BETTER_AUTH_SECRET environment variable");
 		const strategy = config?.strategy || "compact";
+		const isEmbeddedSessionExpired = (payload) => {
+			const expiresAt = payload.session?.expiresAt;
+			return !!expiresAt && new Date(expiresAt).getTime() < Date.now();
+		};
 		if (strategy === "jwe") {
 			const payload = await symmetricDecodeJWT(sessionData, secret, "better-auth-session");
 			if (payload && payload.session && payload.user) {
@@ -249,6 +268,7 @@ const getCookieCache = async (request, config) => {
 					}
 					if (cookieVersion !== expectedVersion) return null;
 				}
+				if (isEmbeddedSessionExpired(payload)) return null;
 				return payload;
 			}
 			return null;
@@ -265,6 +285,7 @@ const getCookieCache = async (request, config) => {
 					}
 					if (cookieVersion !== expectedVersion) return null;
 				}
+				if (isEmbeddedSessionExpired(payload)) return null;
 				return payload;
 			}
 			return null;
@@ -285,6 +306,8 @@ const getCookieCache = async (request, config) => {
 				}
 				if (cookieVersion !== expectedVersion) return null;
 			}
+			if (typeof sessionDataPayload.expiresAt === "number" && sessionDataPayload.expiresAt < Date.now()) return null;
+			if (isEmbeddedSessionExpired(sessionDataPayload.session)) return null;
 			return sessionDataPayload.session;
 		}
 	}

package/dist/db/internal-adapter.mjs

@@ -6,6 +6,8 @@ import { getWithHooks } from "./with-hooks.mjs";
 import { getCurrentAdapter, getCurrentAuthContext, runWithTransaction } from "@better-auth/core/context";
 import { generateId } from "@better-auth/core/utils/id";
 import { safeJSONParse } from "@better-auth/core/utils/json";
+import { base64Url } from "@better-auth/utils/base64";
+import { createHash } from "@better-auth/utils/hash";
 //#region src/db/internal-adapter.ts
 function getTTLSeconds(expiresAt, now = Date.now()) {
 	const expiresMs = typeof expiresAt === "number" ? expiresAt : expiresAt.getTime();
@@ -717,6 +719,55 @@ const createInternalAdapter = (adapter, ctx) => {
 			if (!consumed || consumed.expiresAt < /* @__PURE__ */ new Date()) return null;
 			return consumed;
 		},
+		reserveVerificationValue: async (data) => {
+			const reservationId = base64Url.encode(new Uint8Array(await createHash("SHA-256").digest(new TextEncoder().encode("reserve:" + data.identifier))), { padding: false });
+			const storageOption = getStorageOption(data.identifier, options.verification?.storeIdentifier);
+			const storedIdentifier = await processIdentifier(data.identifier, storageOption);
+			if (secondaryStorage && !options.verification?.storeInDatabase) {
+				const cacheKey = `verification:${storedIdentifier}`;
+				if (await secondaryStorage.get(cacheKey)) return false;
+				await secondaryStorage.set(cacheKey, JSON.stringify({
+					id: reservationId,
+					identifier: storedIdentifier,
+					value: data.value,
+					expiresAt: data.expiresAt
+				}), getTTLSeconds(data.expiresAt));
+				return true;
+			}
+			try {
+				await adapter.create({
+					model: "verification",
+					data: {
+						id: reservationId,
+						identifier: storedIdentifier,
+						value: data.value,
+						expiresAt: data.expiresAt,
+						createdAt: /* @__PURE__ */ new Date(),
+						updatedAt: /* @__PURE__ */ new Date()
+					},
+					forceAllowId: true
+				});
+			} catch (error) {
+				if (await adapter.findOne({
+					model: "verification",
+					where: [{
+						field: "id",
+						value: reservationId
+					}]
+				})) return false;
+				throw error;
+			}
+			if (secondaryStorage) {
+				const ttl = getTTLSeconds(data.expiresAt);
+				if (ttl > 0) await secondaryStorage.set(`verification:${storedIdentifier}`, JSON.stringify({
+					id: reservationId,
+					identifier: storedIdentifier,
+					value: data.value,
+					expiresAt: data.expiresAt
+				}), ttl);
+			}
+			return true;
+		},
 		updateVerificationByIdentifier: async (identifier, data) => {
 			const storedIdentifier = await processIdentifier(identifier, getStorageOption(identifier, options.verification?.storeIdentifier));
 			if (secondaryStorage) {

package/dist/package.mjs

@@ -1,4 +1,4 @@
 //#region package.json
-var version = "1.6.16";
+var version = "1.6.18";
 //#endregion
 export { version };