github-starred/better-auth
2
0
Fork 0
mirror of https://github.com/better-auth/better-auth.git synced 2026-05-24 08:01:56 -05:00
Code Issues 2.5k Packages Projects Releases 112 Wiki Activity

session additionalFields doesn't work when enabling secondaryStorage #2238

New Issue
Closed
opened 2026-03-13 09:37:27 -05:00 by GiteaMirror · 5 comments
GiteaMirror commented 2026-03-13 09:37:27 -05:00
Owner
Copy Link

Originally created by @proof-llc on GitHub (Oct 30, 2025).

Is this suited for github?

  • Yes, this is suited for github

To Reproduce

  1. setup secondaryStorage
  2. create field under additionalFields for session
  3. it doesn't show up in session on login.

Current vs. Expected behavior

i checked session in redis. i use cookieCache so i also checked the cookie and decoded the jwt. field is missiing from both.

What version of Better Auth are you using?

1.4.0 beta

System info

{
  "system": {
    "platform": "darwin",
    "arch": "arm64",
    "version": "Darwin Kernel Version 24.6.0: Mon Jul 14 11:30:40 PDT 2025;",
    "release": "24.6.0",
    "cpuCount": 16,
    "cpuModel": "redacted",
    "totalMemory": "128.00 GB",
    "freeMemory": "20.62 GB"
  },
  "node": {
    "version": "v24.7.0",
    "env": "development"
  },
  "packageManager": {
    "name": "npm",
    "version": "11.5.1"
  },
  "frameworks": null,
  "databases": null,
  "betterAuth": {
    "version": "0.1.0",
    "config": null
  }
}

Which area(s) are affected? (Select all that apply)

Backend

Auth config (if applicable)

import { betterAuth } from "better-auth"
export const auth = betterAuth({
    secondaryStorage: {
      get: async (key) => {
        const value = await redis.get(key)
        return value ? value : null
      },
      set: async (key, value, ttl) => {
        if (ttl) {
          await redis.set(key, value, 'EX', ttl)
        } else await redis.set(key, value)
      },
      delete: async (key) => {
        await redis.del(key)
      },
    },
  session: {
      additionalFields: {
        test: {
          type: 'boolean',
          input: false,
          defaultValue: false,
        },
      },
      cookieCache: {
        enabled: true,
        maxAge: 5 * 60, // 5 min
      },
    }
});

Additional context

No response

Originally created by @proof-llc on GitHub (Oct 30, 2025). ### Is this suited for github? - [ ] Yes, this is suited for github ### To Reproduce 1. setup secondaryStorage 2. create field under additionalFields for session 3. it doesn't show up in session on login. ### Current vs. Expected behavior i checked session in redis. i use cookieCache so i also checked the cookie and decoded the jwt. field is missiing from both. ### What version of Better Auth are you using? 1.4.0 beta ### System info ```bash { "system": { "platform": "darwin", "arch": "arm64", "version": "Darwin Kernel Version 24.6.0: Mon Jul 14 11:30:40 PDT 2025;", "release": "24.6.0", "cpuCount": 16, "cpuModel": "redacted", "totalMemory": "128.00 GB", "freeMemory": "20.62 GB" }, "node": { "version": "v24.7.0", "env": "development" }, "packageManager": { "name": "npm", "version": "11.5.1" }, "frameworks": null, "databases": null, "betterAuth": { "version": "0.1.0", "config": null } } ``` ### Which area(s) are affected? (Select all that apply) Backend ### Auth config (if applicable) ```typescript import { betterAuth } from "better-auth" export const auth = betterAuth({ secondaryStorage: { get: async (key) => { const value = await redis.get(key) return value ? value : null }, set: async (key, value, ttl) => { if (ttl) { await redis.set(key, value, 'EX', ttl) } else await redis.set(key, value) }, delete: async (key) => { await redis.del(key) }, }, session: { additionalFields: { test: { type: 'boolean', input: false, defaultValue: false, }, }, cookieCache: { enabled: true, maxAge: 5 * 60, // 5 min }, } }); ``` ### Additional context _No response_
GiteaMirror added the bug label 2026-03-13 09:37:27 -05:00
GiteaMirror commented 2026-03-13 09:37:29 -05:00
Author
Owner
Copy Link

@better-auth-agent[bot] commented on GitHub (Oct 30, 2025):

It appears that when secondary storage is enabled, the extra session fields you added aren’t making it into the stored or returned session object. As a next step, try the following:

  1. Temporarily disable secondary storage and re-test your custom session additionalFields. If they appear correctly without secondary storage, this indicates that the session creation or retrieval logic isn’t correctly incorporating your extra fields when secondary storage is active.

  2. Check your session creation flow—particularly the internal adapter’s handling of session fields—to see if it maps the additionalFields from your configuration when storing the session (in both the cookie and secondary storage). In previous reports the internal adapter didn’t map custom session field names properly, so compare your behavior against known issues around field mapping.

  3. Verify that your auth configuration for session additionalFields is correctly defined and that you’re not inadvertently overriding the session object in middleware that deals with secondary storage.

If these steps don’t help, it may indicate a regression in the beta version (1.4.0 beta) when using secondary storage. In that case, consider filing a detailed bug report with your configuration and reproduction steps.

This troubleshooting approach is based on similar issues where custom session fields did not appear in the returned session due to the way the internal adapter handled field mapping when secondary storage was enabled [1].

Let me know if further details are needed or if additional testing reveals new insights.

DiagramDiscordGitHub

Diagram Join Star

@better-auth-agent[bot] commented on GitHub (Oct 30, 2025): It appears that when secondary storage is enabled, the extra session fields you added aren’t making it into the stored or returned session object. As a next step, try the following: 1. Temporarily disable secondary storage and re-test your custom session additionalFields. If they appear correctly without secondary storage, this indicates that the session creation or retrieval logic isn’t correctly incorporating your extra fields when secondary storage is active. 2. Check your session creation flow—particularly the internal adapter’s handling of session fields—to see if it maps the additionalFields from your configuration when storing the session (in both the cookie and secondary storage). In previous reports the internal adapter didn’t map custom session field names properly, so compare your behavior against known issues around field mapping. 3. Verify that your auth configuration for session additionalFields is correctly defined and that you’re not inadvertently overriding the session object in middleware that deals with secondary storage. If these steps don’t help, it may indicate a regression in the beta version (1.4.0 beta) when using secondary storage. In that case, consider filing a detailed bug report with your configuration and reproduction steps. This troubleshooting approach is based on similar issues where custom session fields did not appear in the returned session due to the way the internal adapter handled field mapping when secondary storage was enabled [[1]](https://github.com/better-auth/better-auth/issues/4468). Let me know if further details are needed or if additional testing reveals new insights. <!-- bot:webhook reply v1 --> [Diagram](https://repodiagrams.s3.eu-north-1.amazonaws.com/better-auth_ultra_detailed_interactive.html) • [Discord](https://discord.gg/better-auth) • [GitHub](https://github.com/better-auth/better-auth) [![Diagram](https://img.shields.io/badge/Diagram-2b3137?style=flat-square)](https://repodiagrams.s3.eu-north-1.amazonaws.com/better-auth_ultra_detailed_interactive.html) [![Join](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&style=flat-square)](https://discord.gg/better-auth) [![Star](https://img.shields.io/badge/star-181717?logo=github&logoColor=white&style=flat-square)](https://github.com/better-auth/better-auth)
GiteaMirror commented 2026-03-13 09:37:30 -05:00
Author
Owner
Copy Link

@proof-llc commented on GitHub (Oct 30, 2025):

i also tried version v1.3.34 before trying v1.4.0-beta.15

@proof-llc commented on GitHub (Oct 30, 2025): i also tried version v1.3.34 before trying v1.4.0-beta.15
GiteaMirror commented 2026-03-13 09:37:31 -05:00
Author
Owner
Copy Link

@better-auth-agent[bot] commented on GitHub (Oct 30, 2025):

Based on what you described, the additional session fields aren’t being merged into the session data when secondary storage is enabled. A similar issue was reproduced when using Redis as secondary storage; the additional field (e.g., adding an organization ID) wasn’t reflected in the final session record when using secondary storage, whereas it worked normally without it [1].

Here are a few troubleshooting steps:

  1. Verify your secondary storage implementation. In your current code you’re not explicitly JSON‑stringifying or parsing the session data. Ensure that when you set a value, you serialize the session data (for example, by using JSON.stringify), and when you get it, parse it properly (using JSON.parse). In one reproduction of the similar issue, missing fields were attributed to improper serialization/deserialization [1].

  2. Double‑check that the session creation hook (if any) or the internal merging logic for additionalFields is executed after retrieving the session from secondary storage. It may be that the fields you add are not being merged properly during the rehydration step.

  3. Test with a stable version (like v1.3.34, which you mentioned) to see if the behavior is consistent. If additionalFields appear correctly without secondary storage, then the merging of those fields may be being lost due to the secondary storage path.

  4. If possible, try temporarily disabling cookie caching to see if the issue lies in how the session is cached versus how it is stored in secondary storage.

If after verifying the serialization and the merge logic the issue persists, it would be a good idea to open an issue on GitHub with your reproduction so the team can look into this behavior with secondary storage [1].

Let me know if you need further guidance on any of these steps.

DiagramDiscordGitHub

Diagram Join Star

@better-auth-agent[bot] commented on GitHub (Oct 30, 2025): Based on what you described, the additional session fields aren’t being merged into the session data when secondary storage is enabled. A similar issue was reproduced when using Redis as secondary storage; the additional field (e.g., adding an organization ID) wasn’t reflected in the final session record when using secondary storage, whereas it worked normally without it [[1]](https://github.com/better-auth/better-auth/issues/4468). Here are a few troubleshooting steps: 1. Verify your secondary storage implementation. In your current code you’re not explicitly JSON‑stringifying or parsing the session data. Ensure that when you set a value, you serialize the session data (for example, by using JSON.stringify), and when you get it, parse it properly (using JSON.parse). In one reproduction of the similar issue, missing fields were attributed to improper serialization/deserialization [[1]](https://github.com/better-auth/better-auth/issues/4468). 2. Double‑check that the session creation hook (if any) or the internal merging logic for additionalFields is executed _after_ retrieving the session from secondary storage. It may be that the fields you add are not being merged properly during the rehydration step. 3. Test with a stable version (like v1.3.34, which you mentioned) to see if the behavior is consistent. If additionalFields appear correctly without secondary storage, then the merging of those fields may be being lost due to the secondary storage path. 4. If possible, try temporarily disabling cookie caching to see if the issue lies in how the session is cached versus how it is stored in secondary storage. If after verifying the serialization and the merge logic the issue persists, it would be a good idea to open an issue on GitHub with your reproduction so the team can look into this behavior with secondary storage [[1]](https://github.com/better-auth/better-auth/issues/4468). Let me know if you need further guidance on any of these steps. <!-- bot:webhook reply v1 --> [Diagram](https://repodiagrams.s3.eu-north-1.amazonaws.com/better-auth_ultra_detailed_interactive.html) • [Discord](https://discord.gg/better-auth) • [GitHub](https://github.com/better-auth/better-auth) [![Diagram](https://img.shields.io/badge/Diagram-2b3137?style=flat-square)](https://repodiagrams.s3.eu-north-1.amazonaws.com/better-auth_ultra_detailed_interactive.html) [![Join](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&style=flat-square)](https://discord.gg/better-auth) [![Star](https://img.shields.io/badge/star-181717?logo=github&logoColor=white&style=flat-square)](https://github.com/better-auth/better-auth)
GiteaMirror commented 2026-03-13 09:37:32 -05:00
Author
Owner
Copy Link

@proof-llc commented on GitHub (Oct 30, 2025):

https://github.com/better-auth/better-auth/issues/4468 is an issue that I opened up and it has nothing to do with this bug.

@proof-llc commented on GitHub (Oct 30, 2025): https://github.com/better-auth/better-auth/issues/4468 is an issue that I opened up and it has nothing to do with this bug.
GiteaMirror commented 2026-03-13 09:37:33 -05:00
Author
Owner
Copy Link

@better-auth-agent[bot] commented on GitHub (Oct 30, 2025):

Based on the reported behavior, it looks like when secondaryStorage is enabled the session’s additionalFields aren’t making it into the stored session (neither in Redis nor in the cookie/JWT) [1]. Here are some troubleshooting steps you can try:

  1. Verify if the issue only appears when secondaryStorage is enabled. Try temporarily disabling secondaryStorage and signing in—if the additionalFields then appear, that confirms the problem is linked to the integration with secondaryStorage.

  2. Double-check that your secondaryStorage implementation does not inadvertently override or strip session properties. For example, ensure that the value passed into redis.set (and later retrieved via redis.get) includes the additionalFields already set by Better Auth. You might add some debug logs right before saving and right after retrieving the session to see if the extra field gets lost.

  3. Confirm that your version (1.4.0 beta) hasn’t introduced a regression with secondaryStorage; if possible, check the changelog to see if any recent changes might affect session handling [1].

  4. If no misconfiguration is found, it’s helpful to create a minimal reproduction of the problem—ensuring the secondaryStorage implementation is exactly as documented—and share the logs or sample data. This can assist in pinpointing whether the issue lies in the flow that merges additionalFields into the session, or in how the session data is cached and later decoded.

Let us know if further detail is needed or if you gather additional logs that might help narrow down the root cause.

DiagramDiscordGitHub

Diagram Join Star

@better-auth-agent[bot] commented on GitHub (Oct 30, 2025): Based on the reported behavior, it looks like when secondaryStorage is enabled the session’s additionalFields aren’t making it into the stored session (neither in Redis nor in the cookie/JWT) [[1]](https://github.com/better-auth/better-auth/issues/5687). Here are some troubleshooting steps you can try: 1. Verify if the issue only appears when secondaryStorage is enabled. Try temporarily disabling secondaryStorage and signing in—if the additionalFields then appear, that confirms the problem is linked to the integration with secondaryStorage. 2. Double-check that your secondaryStorage implementation does not inadvertently override or strip session properties. For example, ensure that the value passed into redis.set (and later retrieved via redis.get) includes the additionalFields already set by Better Auth. You might add some debug logs right before saving and right after retrieving the session to see if the extra field gets lost. 3. Confirm that your version (1.4.0 beta) hasn’t introduced a regression with secondaryStorage; if possible, check the changelog to see if any recent changes might affect session handling [[1]](https://github.com/better-auth/better-auth/issues/5687). 4. If no misconfiguration is found, it’s helpful to create a minimal reproduction of the problem—ensuring the secondaryStorage implementation is exactly as documented—and share the logs or sample data. This can assist in pinpointing whether the issue lies in the flow that merges additionalFields into the session, or in how the session data is cached and later decoded. Let us know if further detail is needed or if you gather additional logs that might help narrow down the root cause. <!-- bot:webhook reply v1 --> [Diagram](https://repodiagrams.s3.eu-north-1.amazonaws.com/better-auth_ultra_detailed_interactive.html) • [Discord](https://discord.gg/better-auth) • [GitHub](https://github.com/better-auth/better-auth) [![Diagram](https://img.shields.io/badge/Diagram-2b3137?style=flat-square)](https://repodiagrams.s3.eu-north-1.amazonaws.com/better-auth_ultra_detailed_interactive.html) [![Join](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&style=flat-square)](https://discord.gg/better-auth) [![Star](https://img.shields.io/badge/star-181717?logo=github&logoColor=white&style=flat-square)](https://github.com/better-auth/better-auth)
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
adapter
astro
awaiting external contributor
blocked
breaking
breaking change
bug
c-devops
core
credentials
database
dependencies
devops
devtools
docs
documentation
duplicate
elysia
enhancement
enterprise
expo
express
fastify
good first issue
help wanted
hono
identity
infra
integration
invalid
javascript
locked
maintenance
need-more-information
needs: info
needs: repro
nextjs
nuxt
oauth
organization
P0
payments
perf
platform
plugin
pull-request
Mirrored from GitHub Pull Request
 question
ready
regression
remix
security
social-provider
solid
stale
svelte
tanstack-start
tracking
version-bump
vue
wontfix
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/better-auth#2238
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?