Session Management

Server-Side Setup in `apps/server/src/lib/auth.ts`

1. Configure BetterAuth

// apps/server/src/lib/auth.ts
import { betterAuth } from "better-auth";
import { prismaAdapter } from "better-auth/adapters/prisma";

export const auth = betterAuth({
  database: prismaAdapter(prisma, {
    provider: "postgresql",
  }),

  advanced: {
    crossSubDomainCookies: {
      enabled: true,
    },
  },
});

2. Session Schema

model Session {
  id        String   @id @map("_id")
  expiresAt DateTime
  token     String   @unique
  createdAt DateTime
  updatedAt DateTime
  ipAddress String?
  userAgent String?
  userId    String
  user      User     @relation(fields: [userId], references: [id], onDelete: Cascade)
}

Client-Side Implementation

1. Auth Client Setup

// apps/web/src/lib/auth-client.ts
import { createAuthClient } from "better-auth/react";

export const authClient = createAuthClient({
  baseURL: process.env.NEXT_PUBLIC_SERVER_URL!,
});

2. get session

// apps/web/src/hooks/use-session.ts
import { authClient } from "@/lib/client"
 
const { data: session } = authClient.useSession()

Security Features

Session Storage
- Secure cookie storage
- HTTP-only cookies
- SameSite policy
- CSRF protection
Session Validation
- Token verification
- Expiration checks
- IP validation
- User agent validation
Session Refresh
- Automatic refresh
- Sliding expiration
- Refresh token rotation
- Concurrent session handling

Best Practices

Session Security
- Use secure cookies
- Implement CSRF protection
- Validate session data
- Monitor session activity
Error Handling
- Handle expired sessions
- Manage invalid tokens
- Clear invalid sessions
- Log session errors
User Experience
- Smooth session refresh
- Clear session states
- Handle session loss
- Provide feedback

Common Issues & Solutions

Session Expiry
- Implement refresh logic
- Handle expired sessions
- Clear invalid sessions
- Update session data
Cross-Domain Issues
- Configure CORS
- Set cookie domains
- Handle subdomains
- Validate origins
Concurrent Sessions
- Manage multiple sessions
- Handle conflicts
- Update session data
- Clear old sessions

Get Started

Database

Frontend

Auth

Email

Payment

API

Structure

AI

CMS

Storage

SEO

Theme

Resources

Server-Side Setup in `apps/server/src/lib/auth.ts`

1. Configure BetterAuth

2. Session Schema

Client-Side Implementation

1. Auth Client Setup

2. get session

Security Features

Best Practices

Common Issues & Solutions

Next Steps

Get Started

Database

Frontend

Auth

Email

Payment

API

Structure

AI

CMS

Storage

SEO

Theme

Resources

​Server-Side Setup in apps/server/src/lib/auth.ts

​1. Configure BetterAuth

​2. Session Schema

​Client-Side Implementation

​1. Auth Client Setup

​2. get session

​Security Features

​Best Practices

​Common Issues & Solutions

​Next Steps

Server-Side Setup in `apps/server/src/lib/auth.ts`

1. Configure BetterAuth

2. Session Schema

Client-Side Implementation

1. Auth Client Setup

2. get session

Security Features

Best Practices

Common Issues & Solutions

Next Steps