github-starred/better-auth
2
0
Fork 0
mirror of https://github.com/better-auth/better-auth.git synced 2026-05-23 07:18:56 -05:00
Code Issues 2.5k Packages Projects Releases 112 Wiki Activity

[GH-ISSUE #3267] Auto signin not working on Anonumous #26870

New Issue
Closed
opened 2026-04-17 17:35:44 -05:00 by GiteaMirror · 17 comments
GiteaMirror commented 2026-04-17 17:35:44 -05:00
Owner
Copy Link

Originally created by @Bruh-Codes on GitHub (Jul 5, 2025).
Original GitHub issue: https://github.com/better-auth/better-auth/issues/3267

Is this suited for github?

  • Yes, this is suited for github

To Reproduce

  1. setup a next js integration be following the docs https://www.better-auth.com/docs/integrations/next
  2. set up the anonymous plugin https://www.better-auth.com/docs/plugins/anonymous

Current vs. Expected behavior

it should automatically sign in an anonymous user not only on first time just like how the autoSignIn works on signUp.

i get this error when i try to signIn again as an anonymous user

{
    "code": "ANONYMOUS_USERS_CANNOT_SIGN_IN_AGAIN_ANONYMOUSLY",
    "message": "Anonymous users cannot sign in again anonymously",
    "status": 400,
    "statusText": "BAD_REQUEST"
}

What version of Better Auth are you using?

^1.2.12

Provide environment information

- OS [Windows 11]
- Browser [Chrome]

Which area(s) are affected? (Select all that apply)

Client, Documentation, Package

Auth config (if applicable)

import EmailTemplate from "@/components/email-template";
import { betterAuth, string } from "better-auth";
import { admin } from "better-auth/plugins/admin";
import { anonymous } from "better-auth/plugins/anonymous";
import { magicLink } from "better-auth/plugins/magic-link";
import { Pool } from "pg";
import { Resend } from "resend";

const resend = new Resend(process.env.RESEND_API_KEY);

export const auth = betterAuth({
	user: {
		additionalFields: {
			OCId: {
				type: "string",
			},
			ethAddress: {
				type: "string",
			},
		},
	},

	session: {
		additionalFields: {
			OCId: {
				type: "string",
			},
			ethAddress: {
				type: "string",
			},
		},
	},
	account: {
		accountLinking: {
			enabled: true,
			trustedProviders: ["google", "twitter"],
		},
	},
	rateLimit: {
		enabled: true,
		window: 60, // 1 minute
		max: 3, // Max 3 requests per minute
		storage: "database",
	},
	trustedOrigins: ["http://localhost:3000"],
	socialProviders: {
		google: {
			clientId: process.env.GOOGLE_CLIENT_ID!,
			clientSecret: process.env.GOOGLE_CLIENT_SECRET!,
		},
		twitter: {
			clientId: process.env.TWITTER_CLIENT_ID!,
			clientSecret: process.env.TWITTER_CLIENT_SECRET!,
		},
	},
	advanced: {
		ipAddress: {
			ipAddressHeaders: ["x-forwarded-for", "x-real-ip"],
			disableIpTracking: false,
		},
	},
	plugins: [
		magicLink({
			async sendMagicLink({ email, url }) {
				console.log(url);
				// const { error } = await resend.emails.send({
				// 	from: "YieldEdu <onboarding@support.yieldedu.xyz>",
				// 	to: [email],
				// 	subject: "Your Magic Sign-In Link for YieldEdu",
				// 	react: EmailTemplate({ link: url }),
				// });
				// if (error) console.log(error);
			},
		}),
		anonymous({
			emailDomainName: "OCId-User",
		}),

		admin({
			adminRoles: ["admin", "partner admin"],
		}),
	],
	/** if no database is provided, the user data will be stored in memory.
	 * Make sure to provide a database to persist user data **/
	database: new Pool({
		connectionString: process.env.DATABASE_URL,
	}),
});

Additional context

it is reproducible locally just follow the docs

Originally created by @Bruh-Codes on GitHub (Jul 5, 2025). Original GitHub issue: https://github.com/better-auth/better-auth/issues/3267 ### Is this suited for github? - [x] Yes, this is suited for github ### To Reproduce 1. setup a next js integration be following the docs https://www.better-auth.com/docs/integrations/next 2. set up the anonymous plugin https://www.better-auth.com/docs/plugins/anonymous ### Current vs. Expected behavior it should automatically sign in an anonymous user not only on first time just like how the autoSignIn works on signUp. i get this error when i try to signIn again as an anonymous user ```ts { "code": "ANONYMOUS_USERS_CANNOT_SIGN_IN_AGAIN_ANONYMOUSLY", "message": "Anonymous users cannot sign in again anonymously", "status": 400, "statusText": "BAD_REQUEST" } ``` ### What version of Better Auth are you using? ^1.2.12 ### Provide environment information ```bash - OS [Windows 11] - Browser [Chrome] ``` ### Which area(s) are affected? (Select all that apply) Client, Documentation, Package ### Auth config (if applicable) ```typescript import EmailTemplate from "@/components/email-template"; import { betterAuth, string } from "better-auth"; import { admin } from "better-auth/plugins/admin"; import { anonymous } from "better-auth/plugins/anonymous"; import { magicLink } from "better-auth/plugins/magic-link"; import { Pool } from "pg"; import { Resend } from "resend"; const resend = new Resend(process.env.RESEND_API_KEY); export const auth = betterAuth({ user: { additionalFields: { OCId: { type: "string", }, ethAddress: { type: "string", }, }, }, session: { additionalFields: { OCId: { type: "string", }, ethAddress: { type: "string", }, }, }, account: { accountLinking: { enabled: true, trustedProviders: ["google", "twitter"], }, }, rateLimit: { enabled: true, window: 60, // 1 minute max: 3, // Max 3 requests per minute storage: "database", }, trustedOrigins: ["http://localhost:3000"], socialProviders: { google: { clientId: process.env.GOOGLE_CLIENT_ID!, clientSecret: process.env.GOOGLE_CLIENT_SECRET!, }, twitter: { clientId: process.env.TWITTER_CLIENT_ID!, clientSecret: process.env.TWITTER_CLIENT_SECRET!, }, }, advanced: { ipAddress: { ipAddressHeaders: ["x-forwarded-for", "x-real-ip"], disableIpTracking: false, }, }, plugins: [ magicLink({ async sendMagicLink({ email, url }) { console.log(url); // const { error } = await resend.emails.send({ // from: "YieldEdu <onboarding@support.yieldedu.xyz>", // to: [email], // subject: "Your Magic Sign-In Link for YieldEdu", // react: EmailTemplate({ link: url }), // }); // if (error) console.log(error); }, }), anonymous({ emailDomainName: "OCId-User", }), admin({ adminRoles: ["admin", "partner admin"], }), ], /** if no database is provided, the user data will be stored in memory. * Make sure to provide a database to persist user data **/ database: new Pool({ connectionString: process.env.DATABASE_URL, }), }); ``` ### Additional context it is reproducible locally just follow the docs
GiteaMirror added the locked label 2026-04-17 17:35:44 -05:00
GiteaMirror commented 2026-04-17 17:35:48 -05:00
Author
Owner
Copy Link

@dosubot[bot] commented on GitHub (Jul 5, 2025):

This behavior is intentional: the Better Auth anonymous plugin does not allow an anonymous user to sign in again anonymously if they already have an active anonymous session. When you try to do so, it throws the ANONYMOUS_USERS_CANNOT_SIGN_IN_AGAIN_ANONYMOUSLY error by design. Auto sign-in for anonymous users only happens when there is no current anonymous session; once a session exists, you must sign out or let the session expire before a new anonymous sign-in can occur. There are no configuration options to change this behavior, and it's enforced for security and consistency reasons in the plugin's code and docs [docs](https://better-auth.com/docs/plugins/anonymous) [code].

If you want to trigger a new anonymous sign-in, make sure to sign out the current anonymous user first. If you need different behavior (like silent re-creation of anonymous sessions), it would require a custom modification or feature request.

To reply, just mention @dosu.

How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other  Join Discord Share on X

<!-- gh-comment-id:3038822685 --> @dosubot[bot] commented on GitHub (Jul 5, 2025): <!-- Answer --> This behavior is intentional: the Better Auth anonymous plugin does not allow an anonymous user to sign in again anonymously if they already have an active anonymous session. When you try to do so, it throws the `ANONYMOUS_USERS_CANNOT_SIGN_IN_AGAIN_ANONYMOUSLY` error by design. Auto sign-in for anonymous users only happens when there is no current anonymous session; once a session exists, you must sign out or let the session expire before a new anonymous sign-in can occur. There are no configuration options to change this behavior, and it's enforced for security and consistency reasons in the plugin's code and docs [[docs](https://better-auth.com/docs/plugins/anonymous)](https://better-auth.com/docs/plugins/anonymous) [[code](https://github.com/better-auth/better-auth/blob/57baf02f84a45be794b069fcce3bc8f528c6208e/packages/better-auth/src/plugins/anonymous/index.ts)]. If you want to trigger a new anonymous sign-in, make sure to sign out the current anonymous user first. If you need different behavior (like silent re-creation of anonymous sessions), it would require a custom modification or feature request. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/f3c9bc18-3889-40f4-b967-33c8ea9c12b5?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/f3c9bc18-3889-40f4-b967-33c8ea9c12b5?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/f3c9bc18-3889-40f4-b967-33c8ea9c12b5?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/f3c9bc18-3889-40f4-b967-33c8ea9c12b5?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/f3c9bc18-3889-40f4-b967-33c8ea9c12b5?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/f3c9bc18-3889-40f4-b967-33c8ea9c12b5?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/f3c9bc18-3889-40f4-b967-33c8ea9c12b5?feedback_type=other)</sup>&nbsp;&nbsp;[![Join Discord](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&label=)](https://go.dosu.dev/discord-bot)&nbsp;[![Share on X](https://img.shields.io/badge/X-share-black)](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/better-auth/better-auth/issues/3267)
GiteaMirror commented 2026-04-17 17:35:50 -05:00
Author
Owner
Copy Link

@Bruh-Codes commented on GitHub (Jul 5, 2025):

checking for session and signing out before initiating a new anonymous
using getSession or useSession does not remove the previous anonymous signin

On Sat, Jul 5, 2025 at 11:45 AM dosubot[bot] @.***>
wrote:

dosubot[bot] left a comment (better-auth/better-auth#3267)
https://github.com/better-auth/better-auth/issues/3267#issuecomment-3038822685

This behavior is intentional: the Better Auth anonymous plugin does not
allow an anonymous user to sign in again anonymously if they already have
an active anonymous session. When you try to do so, it throws the
ANONYMOUS_USERS_CANNOT_SIGN_IN_AGAIN_ANONYMOUSLY error by design. Auto
sign-in for anonymous users only happens when there is no current anonymous
session; once a session exists, you must sign out or let the session expire
before a new anonymous sign-in can occur. There are no configuration
options to change this behavior, and it's enforced for security and
consistency reasons in the plugin's code and docs docs
https://better-auth.com/docs/plugins/anonymous [code
https://github.com/better-auth/better-auth/blob/57baf02f84a45be794b069fcce3bc8f528c6208e/packages/better-auth/src/plugins/anonymous/index.ts
].

If you want to trigger a new anonymous sign-in, make sure to sign out the
current anonymous user first. If you need different behavior (like silent
re-creation of anonymous sessions), it would require a custom modification
or feature request.

To reply, just mention @dosu https://go.dosu.dev/dosubot.

How did I do? Good
https://app.dosu.dev/response-feedback/f3c9bc18-3889-40f4-b967-33c8ea9c12b5?feedback_type=great_response
| Irrelevant
https://app.dosu.dev/response-feedback/f3c9bc18-3889-40f4-b967-33c8ea9c12b5?feedback_type=irrelevant_answer
| Incorrect
https://app.dosu.dev/response-feedback/f3c9bc18-3889-40f4-b967-33c8ea9c12b5?feedback_type=incorrect_sources
| Verbose
https://app.dosu.dev/response-feedback/f3c9bc18-3889-40f4-b967-33c8ea9c12b5?feedback_type=too_verbose
| Hallucination
https://app.dosu.dev/response-feedback/f3c9bc18-3889-40f4-b967-33c8ea9c12b5?feedback_type=hallucination
| Report 🐛
https://app.dosu.dev/response-feedback/f3c9bc18-3889-40f4-b967-33c8ea9c12b5?feedback_type=bug_report
| Other
https://app.dosu.dev/response-feedback/f3c9bc18-3889-40f4-b967-33c8ea9c12b5?feedback_type=other
[image: Join Discord] https://go.dosu.dev/discord-bot [image: Share
on X]
https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/better-auth/better-auth/issues/3267


Reply to this email directly, view it on GitHub
https://github.com/better-auth/better-auth/issues/3267#issuecomment-3038822685,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/BNZK6EB6RRFAUZTP5KSGAC33G63FVAVCNFSM6AAAAACA24VD26VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTAMZYHAZDENRYGU
.
You are receiving this because you authored the thread.Message ID:
@.***>

<!-- gh-comment-id:3038837091 --> @Bruh-Codes commented on GitHub (Jul 5, 2025): checking for session and signing out before initiating a new anonymous using getSession or useSession does not remove the previous anonymous signin On Sat, Jul 5, 2025 at 11:45 AM dosubot[bot] ***@***.***> wrote: > *dosubot[bot]* left a comment (better-auth/better-auth#3267) > <https://github.com/better-auth/better-auth/issues/3267#issuecomment-3038822685> > > This behavior is intentional: the Better Auth anonymous plugin does not > allow an anonymous user to sign in again anonymously if they already have > an active anonymous session. When you try to do so, it throws the > ANONYMOUS_USERS_CANNOT_SIGN_IN_AGAIN_ANONYMOUSLY error by design. Auto > sign-in for anonymous users only happens when there is no current anonymous > session; once a session exists, you must sign out or let the session expire > before a new anonymous sign-in can occur. There are no configuration > options to change this behavior, and it's enforced for security and > consistency reasons in the plugin's code and docs [docs > <https://better-auth.com/docs/plugins/anonymous>]( > https://better-auth.com/docs/plugins/anonymous) [code > <https://github.com/better-auth/better-auth/blob/57baf02f84a45be794b069fcce3bc8f528c6208e/packages/better-auth/src/plugins/anonymous/index.ts> > ]. > > If you want to trigger a new anonymous sign-in, make sure to sign out the > current anonymous user first. If you need different behavior (like silent > re-creation of anonymous sessions), it would require a custom modification > or feature request. > > *To reply, just mention @dosu <https://go.dosu.dev/dosubot>.* > ------------------------------ > > How did I do? Good > <https://app.dosu.dev/response-feedback/f3c9bc18-3889-40f4-b967-33c8ea9c12b5?feedback_type=great_response> > | Irrelevant > <https://app.dosu.dev/response-feedback/f3c9bc18-3889-40f4-b967-33c8ea9c12b5?feedback_type=irrelevant_answer> > | Incorrect > <https://app.dosu.dev/response-feedback/f3c9bc18-3889-40f4-b967-33c8ea9c12b5?feedback_type=incorrect_sources> > | Verbose > <https://app.dosu.dev/response-feedback/f3c9bc18-3889-40f4-b967-33c8ea9c12b5?feedback_type=too_verbose> > | Hallucination > <https://app.dosu.dev/response-feedback/f3c9bc18-3889-40f4-b967-33c8ea9c12b5?feedback_type=hallucination> > | Report 🐛 > <https://app.dosu.dev/response-feedback/f3c9bc18-3889-40f4-b967-33c8ea9c12b5?feedback_type=bug_report> > | Other > <https://app.dosu.dev/response-feedback/f3c9bc18-3889-40f4-b967-33c8ea9c12b5?feedback_type=other> > [image: Join Discord] <https://go.dosu.dev/discord-bot> [image: Share > on X] > <https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/better-auth/better-auth/issues/3267> > > — > Reply to this email directly, view it on GitHub > <https://github.com/better-auth/better-auth/issues/3267#issuecomment-3038822685>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/BNZK6EB6RRFAUZTP5KSGAC33G63FVAVCNFSM6AAAAACA24VD26VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTAMZYHAZDENRYGU> > . > You are receiving this because you authored the thread.Message ID: > ***@***.***> >
GiteaMirror commented 2026-04-17 17:35:52 -05:00
Author
Owner
Copy Link

@dosubot[bot] commented on GitHub (Jul 5, 2025):

getSession and useSession only read the current session—they don't sign the user out or clear the session cookie. To fully sign out (including for anonymous users), you need to POST to the /sign-out endpoint, which deletes the session and clears the cookie on both the server and client sides see code.

In a Next.js + Better Auth setup, you can do this with:

await fetch('/api/auth/sign-out', { method: 'POST', credentials: 'include' });

After this, your session should be cleared and a new anonymous sign-in will work. If you still see the old session, check that the sign-out request actually succeeds (200 response), and that the session cookie is deleted (inspect browser cookies). Sometimes issues like incorrect cookie path/domain, not using credentials: 'include', or client-side session cache not updating can cause the session to persist.

If you follow this flow and still can't sign out, let me know what you see in your network tab and cookies—there may be an environment-specific issue.

To reply, just mention @dosu.

How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other  Join Discord Share on X

<!-- gh-comment-id:3038839120 --> @dosubot[bot] commented on GitHub (Jul 5, 2025): <!-- Answer --> getSession and useSession only read the current session—they don't sign the user out or clear the session cookie. To fully sign out (including for anonymous users), you need to POST to the /sign-out endpoint, which deletes the session and clears the cookie on both the server and client sides [see code](https://github.com/better-auth/better-auth/blob/57baf02f84a45be794b069fcce3bc8f528c6208e/packages/better-auth/src/api/routes/sign-out.ts). In a Next.js + Better Auth setup, you can do this with: ```js await fetch('/api/auth/sign-out', { method: 'POST', credentials: 'include' }); ``` After this, your session should be cleared and a new anonymous sign-in will work. If you still see the old session, check that the sign-out request actually succeeds (200 response), and that the session cookie is deleted (inspect browser cookies). Sometimes issues like incorrect cookie path/domain, not using credentials: 'include', or client-side session cache not updating can cause the session to persist. If you follow this flow and still can't sign out, let me know what you see in your network tab and cookies—there may be an environment-specific issue. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/ae0cd747-3563-4ef9-8467-ea5eeb600331?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/ae0cd747-3563-4ef9-8467-ea5eeb600331?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/ae0cd747-3563-4ef9-8467-ea5eeb600331?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/ae0cd747-3563-4ef9-8467-ea5eeb600331?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/ae0cd747-3563-4ef9-8467-ea5eeb600331?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/ae0cd747-3563-4ef9-8467-ea5eeb600331?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/ae0cd747-3563-4ef9-8467-ea5eeb600331?feedback_type=other)</sup>&nbsp;&nbsp;[![Join Discord](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&label=)](https://go.dosu.dev/discord-bot)&nbsp;[![Share on X](https://img.shields.io/badge/X-share-black)](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/better-auth/better-auth/issues/3267)
GiteaMirror commented 2026-04-17 17:35:54 -05:00
Author
Owner
Copy Link

@Bruh-Codes commented on GitHub (Jul 5, 2025):

still not working this is my code

const { data: session } = authClient.useSession();
const router = useRouter();

const onLoginSuccess = async () => {
    if (isInitialized) {
        if (session?.session.token) {
            await fetch("/api/auth/sign-out", {
                method: "POST",
                credentials: "include",
            });
        }
        const user = await authClient.signIn.anonymous();
        if (user.error) {
            console.log(user.error);
        }
        if (user.data?.token) {
            router.push("/dashboard");
        }
    }
};

On Sat, Jul 5, 2025 at 12:00 PM dosubot[bot] @.***>
wrote:

dosubot[bot] left a comment (better-auth/better-auth#3267)
https://github.com/better-auth/better-auth/issues/3267#issuecomment-3038839120

getSession and useSession only read the current session—they don't sign
the user out or clear the session cookie. To fully sign out (including for
anonymous users), you need to POST to the /sign-out endpoint, which deletes
the session and clears the cookie on both the server and client sides see
code
https://github.com/better-auth/better-auth/blob/57baf02f84a45be794b069fcce3bc8f528c6208e/packages/better-auth/src/api/routes/sign-out.ts
.

In a Next.js + Better Auth setup, you can do this with:

await fetch('/api/auth/sign-out', { method: 'POST', credentials: 'include' });

After this, your session should be cleared and a new anonymous sign-in
will work. If you still see the old session, check that the sign-out
request actually succeeds (200 response), and that the session cookie is
deleted (inspect browser cookies). Sometimes issues like incorrect cookie
path/domain, not using credentials: 'include', or client-side session cache
not updating can cause the session to persist.

If you follow this flow and still can't sign out, let me know what you see
in your network tab and cookies—there may be an environment-specific issue.

To reply, just mention @dosu https://go.dosu.dev/dosubot.

How did I do? Good
https://app.dosu.dev/response-feedback/ae0cd747-3563-4ef9-8467-ea5eeb600331?feedback_type=great_response
| Irrelevant
https://app.dosu.dev/response-feedback/ae0cd747-3563-4ef9-8467-ea5eeb600331?feedback_type=irrelevant_answer
| Incorrect
https://app.dosu.dev/response-feedback/ae0cd747-3563-4ef9-8467-ea5eeb600331?feedback_type=incorrect_sources
| Verbose
https://app.dosu.dev/response-feedback/ae0cd747-3563-4ef9-8467-ea5eeb600331?feedback_type=too_verbose
| Hallucination
https://app.dosu.dev/response-feedback/ae0cd747-3563-4ef9-8467-ea5eeb600331?feedback_type=hallucination
| Report 🐛
https://app.dosu.dev/response-feedback/ae0cd747-3563-4ef9-8467-ea5eeb600331?feedback_type=bug_report
| Other
https://app.dosu.dev/response-feedback/ae0cd747-3563-4ef9-8467-ea5eeb600331?feedback_type=other
[image: Join Discord] https://go.dosu.dev/discord-bot [image: Share
on X]
https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/better-auth/better-auth/issues/3267


Reply to this email directly, view it on GitHub
https://github.com/better-auth/better-auth/issues/3267#issuecomment-3038839120,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/BNZK6ECRNFR6LSLJ7DFRK3L3G645LAVCNFSM6AAAAACA24VD26VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTAMZYHAZTSMJSGA
.
You are receiving this because you authored the thread.Message ID:
@.***>

<!-- gh-comment-id:3038848448 --> @Bruh-Codes commented on GitHub (Jul 5, 2025): still not working this is my code const { data: session } = authClient.useSession(); const router = useRouter(); const onLoginSuccess = async () => { if (isInitialized) { if (session?.session.token) { await fetch("/api/auth/sign-out", { method: "POST", credentials: "include", }); } const user = await authClient.signIn.anonymous(); if (user.error) { console.log(user.error); } if (user.data?.token) { router.push("/dashboard"); } } }; On Sat, Jul 5, 2025 at 12:00 PM dosubot[bot] ***@***.***> wrote: > *dosubot[bot]* left a comment (better-auth/better-auth#3267) > <https://github.com/better-auth/better-auth/issues/3267#issuecomment-3038839120> > > getSession and useSession only read the current session—they don't sign > the user out or clear the session cookie. To fully sign out (including for > anonymous users), you need to POST to the /sign-out endpoint, which deletes > the session and clears the cookie on both the server and client sides see > code > <https://github.com/better-auth/better-auth/blob/57baf02f84a45be794b069fcce3bc8f528c6208e/packages/better-auth/src/api/routes/sign-out.ts> > . > > In a Next.js + Better Auth setup, you can do this with: > > await fetch('/api/auth/sign-out', { method: 'POST', credentials: 'include' }); > > After this, your session should be cleared and a new anonymous sign-in > will work. If you still see the old session, check that the sign-out > request actually succeeds (200 response), and that the session cookie is > deleted (inspect browser cookies). Sometimes issues like incorrect cookie > path/domain, not using credentials: 'include', or client-side session cache > not updating can cause the session to persist. > > If you follow this flow and still can't sign out, let me know what you see > in your network tab and cookies—there may be an environment-specific issue. > > *To reply, just mention @dosu <https://go.dosu.dev/dosubot>.* > ------------------------------ > > How did I do? Good > <https://app.dosu.dev/response-feedback/ae0cd747-3563-4ef9-8467-ea5eeb600331?feedback_type=great_response> > | Irrelevant > <https://app.dosu.dev/response-feedback/ae0cd747-3563-4ef9-8467-ea5eeb600331?feedback_type=irrelevant_answer> > | Incorrect > <https://app.dosu.dev/response-feedback/ae0cd747-3563-4ef9-8467-ea5eeb600331?feedback_type=incorrect_sources> > | Verbose > <https://app.dosu.dev/response-feedback/ae0cd747-3563-4ef9-8467-ea5eeb600331?feedback_type=too_verbose> > | Hallucination > <https://app.dosu.dev/response-feedback/ae0cd747-3563-4ef9-8467-ea5eeb600331?feedback_type=hallucination> > | Report 🐛 > <https://app.dosu.dev/response-feedback/ae0cd747-3563-4ef9-8467-ea5eeb600331?feedback_type=bug_report> > | Other > <https://app.dosu.dev/response-feedback/ae0cd747-3563-4ef9-8467-ea5eeb600331?feedback_type=other> > [image: Join Discord] <https://go.dosu.dev/discord-bot> [image: Share > on X] > <https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/better-auth/better-auth/issues/3267> > > — > Reply to this email directly, view it on GitHub > <https://github.com/better-auth/better-auth/issues/3267#issuecomment-3038839120>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/BNZK6ECRNFR6LSLJ7DFRK3L3G645LAVCNFSM6AAAAACA24VD26VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTAMZYHAZTSMJSGA> > . > You are receiving this because you authored the thread.Message ID: > ***@***.***> >
GiteaMirror commented 2026-04-17 17:35:56 -05:00
Author
Owner
Copy Link

@dosubot[bot] commented on GitHub (Jul 5, 2025):

A few things could be causing the session not to clear:

  1. Check the network tab for your /api/auth/sign-out request—does it return a 200 and { success: true }? If not, there may be a backend or cookie config issue.
  2. Inspect your browser cookies before and after sign-out. Is the session cookie (often __Secure-session_token or similar) actually deleted? If not, check that the cookie’s path, domain, and secure/sameSite flags match between server and client. Mismatches here will prevent deletion example config.
  3. After sign-out, force a client-side refresh (e.g., window.location.reload()) before calling signIn.anonymous(). React hooks like useSession may cache old session data, so you could be seeing a stale session.
  4. Double-check your Better Auth config for custom cookie attributes (defaultCookieAttributes, useSecureCookies, etc.) and make sure you’re not using partitioned: true, which can break cookie sharing see discussion.
  5. If you have session: { disableSessionRefresh: true } set, try removing it—this can affect session persistence see PR.

If you still have trouble, please share: the sign-out response, the session cookie’s name and attributes before/after sign-out, and any errors in the browser console. This will help pinpoint if it’s a cookie config, client cache, or server issue.

To reply, just mention @dosu.

How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other  Join Discord Share on X

<!-- gh-comment-id:3038856349 --> @dosubot[bot] commented on GitHub (Jul 5, 2025): <!-- Answer --> A few things could be causing the session not to clear: 1. Check the network tab for your /api/auth/sign-out request—does it return a 200 and { success: true }? If not, there may be a backend or cookie config issue. 2. Inspect your browser cookies before and after sign-out. Is the session cookie (often __Secure-session_token or similar) actually deleted? If not, check that the cookie’s path, domain, and secure/sameSite flags match between server and client. Mismatches here will prevent deletion [example config](https://github.com/better-auth/better-auth/issues/3217). 3. After sign-out, force a client-side refresh (e.g., window.location.reload()) before calling signIn.anonymous(). React hooks like useSession may cache old session data, so you could be seeing a stale session. 4. Double-check your Better Auth config for custom cookie attributes (defaultCookieAttributes, useSecureCookies, etc.) and make sure you’re not using partitioned: true, which can break cookie sharing [see discussion](https://github.com/better-auth/better-auth/discussions/3262). 5. If you have session: { disableSessionRefresh: true } set, try removing it—this can affect session persistence [see PR](https://github.com/better-auth/better-auth/pull/2126). If you still have trouble, please share: the sign-out response, the session cookie’s name and attributes before/after sign-out, and any errors in the browser console. This will help pinpoint if it’s a cookie config, client cache, or server issue. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/e4e15c83-9bce-4239-b6b2-812a9f2d9c2b?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/e4e15c83-9bce-4239-b6b2-812a9f2d9c2b?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/e4e15c83-9bce-4239-b6b2-812a9f2d9c2b?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/e4e15c83-9bce-4239-b6b2-812a9f2d9c2b?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/e4e15c83-9bce-4239-b6b2-812a9f2d9c2b?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/e4e15c83-9bce-4239-b6b2-812a9f2d9c2b?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/e4e15c83-9bce-4239-b6b2-812a9f2d9c2b?feedback_type=other)</sup>&nbsp;&nbsp;[![Join Discord](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&label=)](https://go.dosu.dev/discord-bot)&nbsp;[![Share on X](https://img.shields.io/badge/X-share-black)](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/better-auth/better-auth/issues/3267)
GiteaMirror commented 2026-04-17 17:35:57 -05:00
Author
Owner
Copy Link

@Bruh-Codes commented on GitHub (Jul 5, 2025):

I am uisng an external provider which is new but i want to be able to create a session once i get some custom data from the provider which is not username and amail. i want a way i can sign them in and later they will be able to updat their credential sis there a way i can signin a user this way

<!-- gh-comment-id:3038875071 --> @Bruh-Codes commented on GitHub (Jul 5, 2025): I am uisng an external provider which is new but i want to be able to create a session once i get some custom data from the provider which is not username and amail. i want a way i can sign them in and later they will be able to updat their credential sis there a way i can signin a user this way
GiteaMirror commented 2026-04-17 17:35:57 -05:00
Author
Owner
Copy Link

@Bruh-Codes commented on GitHub (Jul 5, 2025):

it is still not working i tried refreshing the page too but still. I am
still getting that error message.

if (isInitialized) {
if (session?.session.token) {
await authClient.signOut();
router.refresh();
}
const user = await authClient.signIn.anonymous();
if (user.error) {
console.log(user.error);
}
if (user.data?.token) {
router.push("/dashboard");
}
}

On Sat, Jul 5, 2025 at 12:14 PM dosubot[bot] @.***>
wrote:

dosubot[bot] left a comment (better-auth/better-auth#3267)
https://github.com/better-auth/better-auth/issues/3267#issuecomment-3038856349

A few things could be causing the session not to clear:

  1. Check the network tab for your /api/auth/sign-out request—does it
    return a 200 and { success: true }? If not, there may be a backend or
    cookie config issue.
  2. Inspect your browser cookies before and after sign-out. Is the
    session cookie (often __Secure-session_token or similar) actually deleted?
    If not, check that the cookie’s path, domain, and secure/sameSite flags
    match between server and client. Mismatches here will prevent deletion example
    config https://github.com/better-auth/better-auth/issues/3217.
  3. After sign-out, force a client-side refresh (e.g.,
    window.location.reload()) before calling signIn.anonymous(). React hooks
    like useSession may cache old session data, so you could be seeing a stale
    session.
  4. Double-check your Better Auth config for custom cookie attributes
    (defaultCookieAttributes, useSecureCookies, etc.) and make sure you’re not
    using partitioned: true, which can break cookie sharing see discussion
    https://github.com/better-auth/better-auth/discussions/3262.
  5. If you have session: { disableSessionRefresh: true } set, try
    removing it—this can affect session persistence see PR
    https://github.com/better-auth/better-auth/pull/2126.

If you still have trouble, please share: the sign-out response, the
session cookie’s name and attributes before/after sign-out, and any errors
in the browser console. This will help pinpoint if it’s a cookie config,
client cache, or server issue.

To reply, just mention @dosu https://go.dosu.dev/dosubot.

How did I do? Good
https://app.dosu.dev/response-feedback/e4e15c83-9bce-4239-b6b2-812a9f2d9c2b?feedback_type=great_response
| Irrelevant
https://app.dosu.dev/response-feedback/e4e15c83-9bce-4239-b6b2-812a9f2d9c2b?feedback_type=irrelevant_answer
| Incorrect
https://app.dosu.dev/response-feedback/e4e15c83-9bce-4239-b6b2-812a9f2d9c2b?feedback_type=incorrect_sources
| Verbose
https://app.dosu.dev/response-feedback/e4e15c83-9bce-4239-b6b2-812a9f2d9c2b?feedback_type=too_verbose
| Hallucination
https://app.dosu.dev/response-feedback/e4e15c83-9bce-4239-b6b2-812a9f2d9c2b?feedback_type=hallucination
| Report 🐛
https://app.dosu.dev/response-feedback/e4e15c83-9bce-4239-b6b2-812a9f2d9c2b?feedback_type=bug_report
| Other
https://app.dosu.dev/response-feedback/e4e15c83-9bce-4239-b6b2-812a9f2d9c2b?feedback_type=other
[image: Join Discord] https://go.dosu.dev/discord-bot [image: Share
on X]
https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/better-auth/better-auth/issues/3267


Reply to this email directly, view it on GitHub
https://github.com/better-auth/better-auth/issues/3267#issuecomment-3038856349,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/BNZK6EDOZ4KVFSXPXMAKPAL3G66S3AVCNFSM6AAAAACA24VD26VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTAMZYHA2TMMZUHE
.
You are receiving this because you authored the thread.Message ID:
@.***>

<!-- gh-comment-id:3038895243 --> @Bruh-Codes commented on GitHub (Jul 5, 2025): it is still not working i tried refreshing the page too but still. I am still getting that error message. if (isInitialized) { if (session?.session.token) { await authClient.signOut(); router.refresh(); } const user = await authClient.signIn.anonymous(); if (user.error) { console.log(user.error); } if (user.data?.token) { router.push("/dashboard"); } } On Sat, Jul 5, 2025 at 12:14 PM dosubot[bot] ***@***.***> wrote: > *dosubot[bot]* left a comment (better-auth/better-auth#3267) > <https://github.com/better-auth/better-auth/issues/3267#issuecomment-3038856349> > > A few things could be causing the session not to clear: > > 1. Check the network tab for your /api/auth/sign-out request—does it > return a 200 and { success: true }? If not, there may be a backend or > cookie config issue. > 2. Inspect your browser cookies before and after sign-out. Is the > session cookie (often __Secure-session_token or similar) actually deleted? > If not, check that the cookie’s path, domain, and secure/sameSite flags > match between server and client. Mismatches here will prevent deletion example > config <https://github.com/better-auth/better-auth/issues/3217>. > 3. After sign-out, force a client-side refresh (e.g., > window.location.reload()) before calling signIn.anonymous(). React hooks > like useSession may cache old session data, so you could be seeing a stale > session. > 4. Double-check your Better Auth config for custom cookie attributes > (defaultCookieAttributes, useSecureCookies, etc.) and make sure you’re not > using partitioned: true, which can break cookie sharing see discussion > <https://github.com/better-auth/better-auth/discussions/3262>. > 5. If you have session: { disableSessionRefresh: true } set, try > removing it—this can affect session persistence see PR > <https://github.com/better-auth/better-auth/pull/2126>. > > If you still have trouble, please share: the sign-out response, the > session cookie’s name and attributes before/after sign-out, and any errors > in the browser console. This will help pinpoint if it’s a cookie config, > client cache, or server issue. > > *To reply, just mention @dosu <https://go.dosu.dev/dosubot>.* > ------------------------------ > > How did I do? Good > <https://app.dosu.dev/response-feedback/e4e15c83-9bce-4239-b6b2-812a9f2d9c2b?feedback_type=great_response> > | Irrelevant > <https://app.dosu.dev/response-feedback/e4e15c83-9bce-4239-b6b2-812a9f2d9c2b?feedback_type=irrelevant_answer> > | Incorrect > <https://app.dosu.dev/response-feedback/e4e15c83-9bce-4239-b6b2-812a9f2d9c2b?feedback_type=incorrect_sources> > | Verbose > <https://app.dosu.dev/response-feedback/e4e15c83-9bce-4239-b6b2-812a9f2d9c2b?feedback_type=too_verbose> > | Hallucination > <https://app.dosu.dev/response-feedback/e4e15c83-9bce-4239-b6b2-812a9f2d9c2b?feedback_type=hallucination> > | Report 🐛 > <https://app.dosu.dev/response-feedback/e4e15c83-9bce-4239-b6b2-812a9f2d9c2b?feedback_type=bug_report> > | Other > <https://app.dosu.dev/response-feedback/e4e15c83-9bce-4239-b6b2-812a9f2d9c2b?feedback_type=other> > [image: Join Discord] <https://go.dosu.dev/discord-bot> [image: Share > on X] > <https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/better-auth/better-auth/issues/3267> > > — > Reply to this email directly, view it on GitHub > <https://github.com/better-auth/better-auth/issues/3267#issuecomment-3038856349>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/BNZK6EDOZ4KVFSXPXMAKPAL3G66S3AVCNFSM6AAAAACA24VD26VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTAMZYHA2TMMZUHE> > . > You are receiving this because you authored the thread.Message ID: > ***@***.***> >
GiteaMirror commented 2026-04-17 17:35:58 -05:00
Author
Owner
Copy Link

@dosubot[bot] commented on GitHub (Jul 5, 2025):

It looks like the sign-out isn't fully clearing your session, which is why you keep getting the "ANONYMOUS_USERS_CANNOT_SIGN_IN_AGAIN_ANONYMOUSLY" error. This is almost always due to the session cookie not being deleted as expected, often because of a mismatch in cookie attributes (like path, domain, or secure flags) between server and client, or a client-side cache issue see details docs.

To help pinpoint the problem, could you check and share:

  • The network response (status code and body) from your /api/auth/sign-out request.
  • Whether the session cookie (usually named __Secure-session_token or similar) is actually deleted from your browser after sign-out (check in DevTools > Application > Cookies).
  • Any errors or warnings in your browser console or network tab during sign-out/sign-in.
  • Your Better Auth cookie/session config (especially defaultCookieAttributes, useSecureCookies, partitioned, disableSessionRefresh).

This info will help figure out if it's a config, cookie, or client cache issue. If the cookie isn't deleted, double-check that the path, domain, and secure flags match between your server and client. If everything looks right but it still fails, let me know what you find and I can help debug further.

To reply, just mention @dosu.

How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other  Join Discord Share on X

<!-- gh-comment-id:3038900163 --> @dosubot[bot] commented on GitHub (Jul 5, 2025): <!-- Answer --> It looks like the sign-out isn't fully clearing your session, which is why you keep getting the "ANONYMOUS_USERS_CANNOT_SIGN_IN_AGAIN_ANONYMOUSLY" error. This is almost always due to the session cookie not being deleted as expected, often because of a mismatch in cookie attributes (like path, domain, or secure flags) between server and client, or a client-side cache issue [see details](https://github.com/better-auth/better-auth/issues/3217) [docs](https://github.com/better-auth/better-auth/discussions/3262). To help pinpoint the problem, could you check and share: - The network response (status code and body) from your `/api/auth/sign-out` request. - Whether the session cookie (usually named `__Secure-session_token` or similar) is actually deleted from your browser after sign-out (check in DevTools > Application > Cookies). - Any errors or warnings in your browser console or network tab during sign-out/sign-in. - Your Better Auth cookie/session config (especially `defaultCookieAttributes`, `useSecureCookies`, `partitioned`, `disableSessionRefresh`). This info will help figure out if it's a config, cookie, or client cache issue. If the cookie isn't deleted, double-check that the path, domain, and secure flags match between your server and client. If everything looks right but it still fails, let me know what you find and I can help debug further. <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/da9fde8e-78ee-4642-94e2-2b9df6b4f6ce?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/da9fde8e-78ee-4642-94e2-2b9df6b4f6ce?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/da9fde8e-78ee-4642-94e2-2b9df6b4f6ce?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/da9fde8e-78ee-4642-94e2-2b9df6b4f6ce?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/da9fde8e-78ee-4642-94e2-2b9df6b4f6ce?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/da9fde8e-78ee-4642-94e2-2b9df6b4f6ce?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/da9fde8e-78ee-4642-94e2-2b9df6b4f6ce?feedback_type=other)</sup>&nbsp;&nbsp;[![Join Discord](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&label=)](https://go.dosu.dev/discord-bot)&nbsp;[![Share on X](https://img.shields.io/badge/X-share-black)](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/better-auth/better-auth/issues/3267)
GiteaMirror commented 2026-04-17 17:35:59 -05:00
Author
Owner
Copy Link

@dagmawibabi commented on GitHub (Jul 10, 2025):

Hi @Bruh-Codes does the response from @dosubot answer your questions?

<!-- gh-comment-id:3058175797 --> @dagmawibabi commented on GitHub (Jul 10, 2025): Hi @Bruh-Codes does the response from @dosubot answer your questions?
GiteaMirror commented 2026-04-17 17:35:59 -05:00
Author
Owner
Copy Link

@Kinfe123 commented on GitHub (Jul 11, 2025):

@Bruh-Codes There's no signup step for anonymous users , you are autosigned in whenever you trigger the anonymous call. it's just a sign-in where we issue a token. If the user later wants to sign up, we trigger an account linking process at that point. please check the test suites. and lmk how are you calling it if the above does not address your issue and make the issue a bit descriptive.

<!-- gh-comment-id:3061119789 --> @Kinfe123 commented on GitHub (Jul 11, 2025): @Bruh-Codes There's no signup step for anonymous users , you are autosigned in whenever you trigger the anonymous call. it's just a sign-in where we issue a token. If the user later wants to sign up, we trigger an account linking process at that point. please check the test [suites](https://github.com/better-auth/better-auth/blob/main/packages/better-auth/src/plugins/anonymous/anon.test.ts). and lmk how are you calling it if the above does not address your issue and make the issue a bit descriptive.
GiteaMirror commented 2026-04-17 17:36:00 -05:00
Author
Owner
Copy Link

@Bruh-Codes commented on GitHub (Jul 14, 2025):

@Kinfe123 it does not auth sign in that was what was my expectation but I was getting the error

ANONYMOUS_USERS_CANNOT_SIGN_IN_AGAIN_ANONYMOUSLY

it should allow anonymous to sign in again until they sign in with otherproviders like google auth, magic link e.t.c then it deletes the anonymous just like it was mentioned in the docs. This flow is better for ecommerce applications and this same idea was mentioned in the docs so I think it need to be fixed or tested by someone else to see what I am talking about.

<!-- gh-comment-id:3069708505 --> @Bruh-Codes commented on GitHub (Jul 14, 2025): @Kinfe123 it does not auth sign in that was what was my expectation but I was getting the error ```ts ANONYMOUS_USERS_CANNOT_SIGN_IN_AGAIN_ANONYMOUSLY ``` it should allow anonymous to sign in again until they sign in with otherproviders like google auth, magic link e.t.c then it deletes the anonymous just like it was mentioned in the docs. This flow is better for ecommerce applications and this same idea was mentioned in the docs so I think it need to be fixed or tested by someone else to see what I am talking about.
GiteaMirror commented 2026-04-17 17:36:01 -05:00
Author
Owner
Copy Link

@Bruh-Codes commented on GitHub (Jul 14, 2025):

@Kinfe123 I'm building a DeFi dApp using an external auth provider tailored for its ecosystem. However, some users prefer faster sign-in methods like Google or magic links. I want to use better-auth as the centralized auth provider, but managing multiple auth systems isn't ideal. Since I can't find a way to manually create sessions for users, I use anonymous sign-in (which doesn't require credentials), and later let users update their profiles to fully authenticate and upgrade from anonymous status.

<!-- gh-comment-id:3069734312 --> @Bruh-Codes commented on GitHub (Jul 14, 2025): @Kinfe123 I'm building a DeFi dApp using an external auth provider tailored for its ecosystem. However, some users prefer faster sign-in methods like Google or magic links. I want to use better-auth as the centralized auth provider, but managing multiple auth systems isn't ideal. Since I can't find a way to manually create sessions for users, I use anonymous sign-in (which doesn't require credentials), and later let users update their profiles to fully authenticate and upgrade from anonymous status.
GiteaMirror commented 2026-04-17 17:36:01 -05:00
Author
Owner
Copy Link

@Kinfe123 commented on GitHub (Jul 15, 2025):

have you checked if there is a session ?

<!-- gh-comment-id:3072979611 --> @Kinfe123 commented on GitHub (Jul 15, 2025): have you checked if there is a session ?
GiteaMirror commented 2026-04-17 17:36:02 -05:00
Author
Owner
Copy Link

@Bruh-Codes commented on GitHub (Jul 15, 2025):

@Kinfe123 yes there is a session

<!-- gh-comment-id:3073648766 --> @Bruh-Codes commented on GitHub (Jul 15, 2025): @Kinfe123 yes there is a session
GiteaMirror commented 2026-04-17 17:36:03 -05:00
Author
Owner
Copy Link

@Kinfe123 commented on GitHub (Jul 17, 2025):

if there is a session that means you are already signed in as anonymously. thats why you can not sign in again since the session already exists. for utilizing the updating a user to full authenticate the anonymous plugin handles the account linking with your fully authenicated user.

<!-- gh-comment-id:3085913063 --> @Kinfe123 commented on GitHub (Jul 17, 2025): if there is a session that means you are already signed in as anonymously. thats why you can not sign in again since the session already exists. for utilizing the updating a user to full authenticate the anonymous plugin handles the account linking with your fully authenicated user.
GiteaMirror commented 2026-04-17 17:36:04 -05:00
Author
Owner
Copy Link

@Bruh-Codes commented on GitHub (Jul 18, 2025):

@Kinfe123 you mentioned that if there is already a session and a user signs in as anonymous it should be able to sign them in again even if there is a session without throw the anonymous cannot be signed in again error. However that is the expected behaviour I was looking for but it is not working like that and throwing the error annonymous cannot signin again.

<!-- gh-comment-id:3088599254 --> @Bruh-Codes commented on GitHub (Jul 18, 2025): @Kinfe123 you mentioned that if there is already a session and a user signs in as anonymous it should be able to sign them in again even if there is a session without throw the anonymous cannot be signed in again error. However that is the expected behaviour I was looking for but it is not working like that and throwing the error annonymous cannot signin again.
GiteaMirror commented 2026-04-17 17:36:04 -05:00
Author
Owner
Copy Link

@Kinfe123 commented on GitHub (Jul 18, 2025):

anonymous singin is not like credential sign-in that you are gonna sign-in again. you are already signed in and there is no point of signing anonymously again if you are got a session for you. but you can setup credential or oauth auth which then links your anonymous sign-in's. there is a typo mistake above thats why

<!-- gh-comment-id:3089527956 --> @Kinfe123 commented on GitHub (Jul 18, 2025): anonymous singin is not like credential sign-in that you are gonna sign-in again. you are already signed in and there is no point of signing anonymously again if you are got a session for you. but you can setup credential or oauth auth which then links your anonymous sign-in's. there is a typo mistake above thats why
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
adapter
astro
awaiting external contributor
blocked
breaking
breaking change
bug
c-devops
core
credentials
database
dependencies
devops
devtools
docs
documentation
duplicate
elysia
enhancement
enterprise
expo
express
fastify
good first issue
help wanted
hono
identity
infra
integration
invalid
javascript
locked
maintenance
need-more-information
needs: info
needs: repro
nextjs
nuxt
oauth
organization
P0
payments
perf
platform
plugin
pull-request
Mirrored from GitHub Pull Request
 question
ready
regression
remix
security
social-provider
solid
stale
svelte
tanstack-start
tracking
version-bump
vue
wontfix
No Label locked
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/better-auth#26870
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?