github-starred/better-auth
2
0
Fork 0
mirror of https://github.com/better-auth/better-auth.git synced 2026-05-23 15:42:09 -05:00
Code Issues 2.5k Packages Projects Releases 112 Wiki Activity

[PR #6871] [MERGED] feat(session): add deferSessionRefresh option to support read-replica setups #15183

New Issue
Closed
opened 2026-04-13 09:52:32 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-13 09:52:32 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/better-auth/better-auth/pull/6871
Author: @Paola3stefania
Created: 12/19/2025
Status: Merged
Merged: 1/27/2026
Merged by: @Paola3stefania

Base: canaryHead: feat/defer-session-refresh

📝 Commits (10+)

📊 Changes

9 files changed (+1015 additions, -52 deletions)

View changed files

📝 docs/content/docs/concepts/session-management.mdx (+16 -0)
📝 packages/better-auth/src/api/routes/session-api.test.ts (+279 -0)
📝 packages/better-auth/src/api/routes/session.ts (+46 -10)
📝 packages/better-auth/src/client/session-refresh.test.ts (+223 -0)
📝 packages/better-auth/src/client/session-refresh.ts (+43 -25)
📝 packages/better-auth/src/plugins/open-api/__snapshots__/open-api.test.ts.snap (+378 -0)
📝 packages/better-auth/src/plugins/open-api/generator.ts (+20 -17)
📝 packages/core/src/error/codes.ts (+2 -0)
📝 packages/core/src/types/init-options.ts (+8 -0)

📄 Description

Needs https://github.com/better-auth/better-auth/pull/6891 to be merged before it can be reviewed

Summary by cubic

Adds a deferSessionRefresh option to defer session refresh writes to POST so GET is read-only, enabling read‑replica setups. Off by default.

  • New Features
    • Added session.deferSessionRefresh?: boolean to BetterAuthOptions (default false). When enabled, GET is read-only and refresh occurs on POST.
    • /get-session now supports POST (only when deferSessionRefresh is enabled). GET performs no writes, includes needsRefresh (respects disableSessionRefresh), and does not delete expired sessions; deletion/refresh happen on POST. OpenAPI exposes both GET and POST.
    • Client refresh manager detects needsRefresh and posts to /get-session when needed; otherwise no POST.

Written for commit 15827656e5. Summary will update on new commits.

Fixes https://github.com/better-auth/better-auth/issues/6799

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/better-auth/better-auth/pull/6871 **Author:** [@Paola3stefania](https://github.com/Paola3stefania) **Created:** 12/19/2025 **Status:** ✅ Merged **Merged:** 1/27/2026 **Merged by:** [@Paola3stefania](https://github.com/Paola3stefania) **Base:** `canary` ← **Head:** `feat/defer-session-refresh` --- ### 📝 Commits (10+) - [`866e0da`](https://github.com/better-auth/better-auth/commit/866e0da6c292d178b53794cdedec5790034d913e) feat: add flag - [`43c4358`](https://github.com/better-auth/better-auth/commit/43c435841a669ce1384a38daf71e17d23bf1fd3e) Merge branch 'canary' into feat/defer-session-refresh - [`4b3acbb`](https://github.com/better-auth/better-auth/commit/4b3acbb5b04de09c40934fdc89a4bdb9e8ccf80f) feat: support POST method - [`eec7e64`](https://github.com/better-auth/better-auth/commit/eec7e64b2515420a35728ad8d605436c17e05687) Merge branch 'canary' into feat/defer-session-refresh - [`a00d16e`](https://github.com/better-auth/better-auth/commit/a00d16effa8a18b425a0b2460f2c96a85a8b8bde) feat: make GET readonly when flag enabled and add needsRefresh flag - [`d4658f8`](https://github.com/better-auth/better-auth/commit/d4658f88e5cf9017e19947eaa4dd42cf193cfc88) Merge branch 'feat/defer-session-refresh' of https://github.com/better-auth/better-auth into feat/defer-session-refresh - [`836db0e`](https://github.com/better-auth/better-auth/commit/836db0e1f87ab7bc6b9ef894d2de69a8e4c5e58b) feat: client check needsRefresh and call POST - [`ae4ad2e`](https://github.com/better-auth/better-auth/commit/ae4ad2e72d834947d9140dea2a6c9eedb729a646) feat add tests - [`4536ff5`](https://github.com/better-auth/better-auth/commit/4536ff598e0bc67d999dd051dc8f0c8841bfbd29) make lint happy - [`dc7ed41`](https://github.com/better-auth/better-auth/commit/dc7ed415c24c38b2dbcd34d98ab1605a475a9e70) Merge branch 'canary' into feat/defer-session-refresh ### 📊 Changes **9 files changed** (+1015 additions, -52 deletions) <details> <summary>View changed files</summary> 📝 `docs/content/docs/concepts/session-management.mdx` (+16 -0) 📝 `packages/better-auth/src/api/routes/session-api.test.ts` (+279 -0) 📝 `packages/better-auth/src/api/routes/session.ts` (+46 -10) 📝 `packages/better-auth/src/client/session-refresh.test.ts` (+223 -0) 📝 `packages/better-auth/src/client/session-refresh.ts` (+43 -25) 📝 `packages/better-auth/src/plugins/open-api/__snapshots__/open-api.test.ts.snap` (+378 -0) 📝 `packages/better-auth/src/plugins/open-api/generator.ts` (+20 -17) 📝 `packages/core/src/error/codes.ts` (+2 -0) 📝 `packages/core/src/types/init-options.ts` (+8 -0) </details> ### 📄 Description Needs https://github.com/better-auth/better-auth/pull/6891 to be merged before it can be reviewed <!-- This is an auto-generated description by cubic. --> --- ## Summary by cubic Adds a deferSessionRefresh option to defer session refresh writes to POST so GET is read-only, enabling read‑replica setups. Off by default. - **New Features** - Added session.deferSessionRefresh?: boolean to BetterAuthOptions (default false). When enabled, GET is read-only and refresh occurs on POST. - /get-session now supports POST (only when deferSessionRefresh is enabled). GET performs no writes, includes needsRefresh (respects disableSessionRefresh), and does not delete expired sessions; deletion/refresh happen on POST. OpenAPI exposes both GET and POST. - Client refresh manager detects needsRefresh and posts to /get-session when needed; otherwise no POST. <sup>Written for commit 15827656e5a41ffcc6a65f57a67d75f58144a25b. Summary will update on new commits.</sup> <!-- End of auto-generated description by cubic. --> Fixes https://github.com/better-auth/better-auth/issues/6799 --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-13 09:52:32 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
adapter
astro
awaiting external contributor
blocked
breaking
breaking change
bug
c-devops
core
credentials
database
dependencies
devops
devtools
docs
documentation
duplicate
elysia
enhancement
enterprise
expo
express
fastify
good first issue
help wanted
hono
identity
infra
integration
invalid
javascript
locked
maintenance
need-more-information
needs: info
needs: repro
nextjs
nuxt
oauth
organization
P0
payments
perf
platform
plugin
pull-request
Mirrored from GitHub Pull Request
 question
ready
regression
remix
security
social-provider
solid
stale
svelte
tanstack-start
tracking
version-bump
vue
wontfix
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/better-auth#15183
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?