From e27d77a68fe4dea49eb69c40f4237913234fa03e Mon Sep 17 00:00:00 2001
From: KinfeMichael Tariku <65047246+Kinfe123@users.noreply.github.com>
Date: Fri, 13 Jun 2025 23:02:48 -0700
Subject: [PATCH] fix: propagate a secondary storage updates on updated user
 (#3000)

* update user propagate update on session with secondary storage

* lint

* descriptive
---
 .../src/api/routes/update-user.test.ts        | 45 +++++++++++++++++++
 .../better-auth/src/db/internal-adapter.ts    | 35 +++++++++++++++
 2 files changed, 80 insertions(+)

diff --git a/packages/better-auth/src/api/routes/update-user.test.ts b/packages/better-auth/src/api/routes/update-user.test.ts
index 8126da5eaa..2be91f0989 100644
--- a/packages/better-auth/src/api/routes/update-user.test.ts
+++ b/packages/better-auth/src/api/routes/update-user.test.ts
@@ -264,6 +264,51 @@ describe("updateUser", async () => {
 		// @ts-ignore
 		expect(session?.user.newField).toBe("new");
 	});
+
+	it("should propagate updates across sessions when secondaryStorage is enabled", async () => {
+		const store = new Map<string, string>();
+		const { client: authClient, signInWithTestUser: signIn } =
+			await getTestInstance({
+				secondaryStorage: {
+					set(key, value) {
+						store.set(key, value);
+					},
+					get(key) {
+						return store.get(key) || null;
+					},
+					delete(key) {
+						store.delete(key);
+					},
+				},
+			});
+
+		const { headers: headers1 } = await signIn();
+		const { headers: headers2 } = await signIn();
+
+		await authClient.updateUser({
+			name: "updatedName",
+			fetchOptions: {
+				headers: headers1,
+			},
+		});
+
+		const secondSession = await authClient.getSession({
+			fetchOptions: {
+				headers: headers2,
+				throw: true,
+			},
+		});
+		expect(secondSession.user.name).toBe("updatedName");
+
+		const firstSession = await authClient.getSession({
+			fetchOptions: {
+				headers: headers1,
+				throw: true,
+			},
+		});
+
+		expect(firstSession.user.name).toBe("updatedName");
+	});
 });
 
 describe("delete user", async () => {
diff --git a/packages/better-auth/src/db/internal-adapter.ts b/packages/better-auth/src/db/internal-adapter.ts
index e28b80a3ed..07b9889f86 100644
--- a/packages/better-auth/src/db/internal-adapter.ts
+++ b/packages/better-auth/src/db/internal-adapter.ts
@@ -672,6 +672,41 @@ export const createInternalAdapter = (
 				undefined,
 				context,
 			);
+			if (secondaryStorage && user) {
+				const listRaw = await secondaryStorage.get(`active-sessions-${userId}`);
+				if (listRaw) {
+					const now = Date.now();
+					const list =
+						safeJSONParse<{ token: string; expiresAt: number }[]>(listRaw) ||
+						[];
+					const validSessions = list.filter((s) => s.expiresAt > now);
+					await Promise.all(
+						validSessions.map(async ({ token }) => {
+							const cached = await secondaryStorage.get(token);
+							if (!cached) return;
+							const parsed = safeJSONParse<{
+								session: Session;
+								user: User;
+							}>(cached);
+							if (!parsed) return;
+							const sessionTTL = Math.max(
+								Math.floor(
+									(new Date(parsed.session.expiresAt).getTime() - now) / 1000,
+								),
+								0,
+							);
+							await secondaryStorage.set(
+								token,
+								JSON.stringify({
+									session: parsed.session,
+									user,
+								}),
+								sessionTTL,
+							);
+						}),
+					);
+				}
+			}
 			return user;
 		},
 		updateUserByEmail: async (