[GH-ISSUE #3837] setActiveOrganization does not cause update in other react hooks #9738

New Issue

GiteaMirror · 2026-04-13T05:25:13-05:00

GiteaMirror commented

2026-04-13 05:25:13 -05:00

Originally created by @dnil-io on GitHub (Aug 6, 2025).
Original GitHub issue: https://github.com/better-auth/better-auth/issues/3837

Is this suited for github?

Yes, this is suited for github

To Reproduce

If I use the following example in react to determine the selected organisation:

const { data } = authClient.useSession();
console.log(data?.session.activeOrganizationId);

and do

await authClient.organization.setActive({ organizationId: orgId });

I would expect the useSession() hook to cause an update. But this does not happen :/ I know I can use useActiveOrganization which causes an update but this is one networkrequest more which I would prefer not having to do.

Current vs. Expected behavior

Current:
const { data } = authClient.useSession();
No update on setActive(...)

Expected:
const { data } = authClient.useSession();
Update on setActive(...)

What version of Better Auth are you using?

1.3.4

Provide environment information

Not relevant

Which area(s) are affected? (Select all that apply)

Client

Auth config (if applicable)

import { betterAuth } from "better-auth"
export const auth = betterAuth({
  emailAndPassword: {  
    enabled: true
  },
  //org plugin enabled
});

Additional context

No response

Originally created by @dnil-io on GitHub (Aug 6, 2025). Original GitHub issue: https://github.com/better-auth/better-auth/issues/3837 ### Is this suited for github? - [x] Yes, this is suited for github ### To Reproduce If I use the following example in react to determine the selected organisation: ``` const { data } = authClient.useSession(); console.log(data?.session.activeOrganizationId); ``` and do ` await authClient.organization.setActive({ organizationId: orgId }); ` I would expect the useSession() hook to cause an update. But this does not happen :/ I know I can use useActiveOrganization which causes an update but this is one networkrequest more which I would prefer not having to do. ### Current vs. Expected behavior Current: const { data } = authClient.useSession(); No update on setActive(...) Expected: const { data } = authClient.useSession(); Update on setActive(...) ### What version of Better Auth are you using? 1.3.4 ### Provide environment information ```bash Not relevant ``` ### Which area(s) are affected? (Select all that apply) Client ### Auth config (if applicable) ```typescript import { betterAuth } from "better-auth" export const auth = betterAuth({ emailAndPassword: { enabled: true }, //org plugin enabled }); ``` ### Additional context _No response_

GiteaMirror added the locked label 2026-04-13 05:25:13 -05:00

GiteaMirror closed this issue

2026-04-13 05:25:14 -05:00

GiteaMirror commented

2026-04-13 05:25:15 -05:00

@dosubot[bot] commented on GitHub (Aug 6, 2025):

Hi @dnil-io! I'm Dosu and I’m helping the better-auth team.

This is a known architectural limitation in Better Auth: calling setActiveOrganization does not automatically update the session object returned by useSession(). The session context is determined by the session or cookies, and useSession() only updates when the session itself is refreshed or refetched—not when the active organization changes via setActiveOrganization. This is why useActiveOrganization updates reactively (with an extra network request), but useSession() does not (source, source, source).

Workarounds include manually refetching the session after calling setActiveOrganization, forcing a component re-render, or using useActiveOrganization despite the extra request. Also, avoid mixing destructured and direct object methods from the auth client, as this can break reactivity in useSession() (source).

There’s no recent change in v1.3.4 that addresses this—it's not considered a bug, just a limitation of the current design. If you need code samples or more technical details, let me know!

To reply, just mention @dosu.

^{How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other}

@dosubot[bot] commented on GitHub (Aug 6, 2025):  Hi @dnil-io! I'm [Dosu](https://go.dosu.dev/dosubot) and I’m helping the better-auth team.  This is a known architectural limitation in Better Auth: calling setActiveOrganization does not automatically update the session object returned by useSession(). The session context is determined by the session or cookies, and useSession() only updates when the session itself is refreshed or refetched—not when the active organization changes via setActiveOrganization. This is why useActiveOrganization updates reactively (with an extra network request), but useSession() does not ([source](https://github.com/better-auth/better-auth/issues/2309), [source](https://github.com/better-auth/better-auth/issues/769), [source](https://github.com/better-auth/better-auth/issues/3452)). Workarounds include manually refetching the session after calling setActiveOrganization, forcing a component re-render, or using useActiveOrganization despite the extra request. Also, avoid mixing destructured and direct object methods from the auth client, as this can break reactivity in useSession() ([source](https://github.com/better-auth/better-auth/issues/1006)). There’s no recent change in v1.3.4 that addresses this—it's not considered a bug, just a limitation of the current design. If you need code samples or more technical details, let me know!  *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/cba9cef4-7b3e-42b0-9b36-66dde6530a97?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/cba9cef4-7b3e-42b0-9b36-66dde6530a97?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/cba9cef4-7b3e-42b0-9b36-66dde6530a97?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/cba9cef4-7b3e-42b0-9b36-66dde6530a97?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/cba9cef4-7b3e-42b0-9b36-66dde6530a97?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/cba9cef4-7b3e-42b0-9b36-66dde6530a97?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/cba9cef4-7b3e-42b0-9b36-66dde6530a97?feedback_type=other)</sup>  [![Chat with Dosu](https://dosu.dev/dosu-chat-badge.svg)](https://app.dosu.dev/cdda13d9-dd27-4d31-b09a-5d8bec92de21/ask?utm_source=github) [![Join Discord](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&label=)](https://go.dosu.dev/discord-bot) [![Share on X](https://img.shields.io/badge/X-share-black)](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/better-auth/better-auth/issues/3837)

GiteaMirror commented

2026-04-13 05:25:15 -05:00

@dnil-io commented on GitHub (Aug 6, 2025):

I do not agree completely to be honest @Dosu. I am hoping a human will look into this as well. I think it could be an easy fix, especially since unlike Dosu claims, the activeSession is not stored inside of the cookies. The initial state is set by the get-session request, that is correct. But I do not think that optimistically updating the session if the server returns 200 on the setActiveOrganisation is the worst thing to do.. Especially since this is a hook and not the getSession()-method. If this is really not possible, at least a warning in the documentation would be nice that the hook is only mildly reactive and a fancy version of the getSession as a query. Also I was not successful finding how to trigger refetching of the session behind useSession. Maybe you could actually be helpful here @Dosu and help me out ;)

But it is true that it is probably also affecting other parts of the session object probably. I do not know if they get

Also, avoid mixing destructured and direct object methods from the auth client, as this can break reactivity in useSession() (https://github.com/better-auth/better-auth/issues/1006).

This part is completely halucinated though I believe.

@dnil-io commented on GitHub (Aug 6, 2025): I do not agree completely to be honest @Dosu. I am hoping a human will look into this as well. I think it could be an easy fix, especially since unlike Dosu claims, the activeSession is not stored inside of the cookies. The initial state is set by the get-session request, that is correct. But I do not think that optimistically updating the session if the server returns 200 on the setActiveOrganisation is the worst thing to do.. Especially since this is a hook and not the getSession()-method. If this is really not possible, at least a warning in the documentation would be nice that the hook is only mildly reactive and a fancy version of the getSession as a query. Also I was not successful finding how to trigger refetching of the session behind useSession. Maybe you could actually be helpful here @Dosu and help me out ;) But it is true that it is probably also affecting other parts of the session object probably. I do not know if they get > Also, avoid mixing destructured and direct object methods from the auth client, as this can break reactivity in useSession() (https://github.com/better-auth/better-auth/issues/1006). This part is completely halucinated though I believe.

GiteaMirror commented

2026-04-13 05:25:16 -05:00

@dosubot[bot] commented on GitHub (Aug 6, 2025):

You can manually trigger a session update by calling the refetch method returned from useSession(). For example:

const { data, refetch } = authClient.useSession();
// After setActiveOrganization:
await authClient.organization.setActive({ organizationId: orgId });
refetch();

This is the officially supported way to refresh the session after actions like setActiveOrganization—there’s no built-in optimistic update, so a refetch is needed to sync the session state with the server response. The session is managed in-memory and updated via the get-session endpoint, not cookies, so your understanding is correct on that point. Optimistic updates aren’t currently supported in the hook itself ref.

On the destructuring/direct method point: it’s not a hallucination—mixing destructured and direct object methods from the auth client can break reactivity in useSession() due to how object references are tracked internally. Stick to either destructured or direct usage consistently to avoid subtle bugs ref.

There’s no explicit documentation warning about this limitation yet, but maintainers have acknowledged the need for better docs. Other session fields are subject to the same reactivity caveats—use refetch as a general workaround when you need up-to-date session data.

To reply, just mention @dosu.

^{How did I do? Good | Irrelevant | Incorrect | Verbose | Hallucination | Report 🐛 | Other}

@dosubot[bot] commented on GitHub (Aug 6, 2025):  You can manually trigger a session update by calling the refetch method returned from useSession(). For example: ```js const { data, refetch } = authClient.useSession(); // After setActiveOrganization: await authClient.organization.setActive({ organizationId: orgId }); refetch(); ``` This is the officially supported way to refresh the session after actions like setActiveOrganization—there’s no built-in optimistic update, so a refetch is needed to sync the session state with the server response. The session is managed in-memory and updated via the get-session endpoint, not cookies, so your understanding is correct on that point. Optimistic updates aren’t currently supported in the hook itself [ref](https://github.com/better-auth/better-auth/issues/3608). On the destructuring/direct method point: it’s not a hallucination—mixing destructured and direct object methods from the auth client can break reactivity in useSession() due to how object references are tracked internally. Stick to either destructured or direct usage consistently to avoid subtle bugs [ref](https://github.com/better-auth/better-auth/issues/1006). There’s no explicit documentation warning about this limitation yet, but maintainers have acknowledged the need for better docs. Other session fields are subject to the same reactivity caveats—use refetch as a general workaround when you need up-to-date session data.  *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/33e76c8a-98d6-45a4-bbac-5819e07a4ca3?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/33e76c8a-98d6-45a4-bbac-5819e07a4ca3?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/33e76c8a-98d6-45a4-bbac-5819e07a4ca3?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/33e76c8a-98d6-45a4-bbac-5819e07a4ca3?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/33e76c8a-98d6-45a4-bbac-5819e07a4ca3?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/33e76c8a-98d6-45a4-bbac-5819e07a4ca3?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/33e76c8a-98d6-45a4-bbac-5819e07a4ca3?feedback_type=other)</sup>  [![Chat with Dosu](https://dosu.dev/dosu-chat-badge.svg)](https://app.dosu.dev/cdda13d9-dd27-4d31-b09a-5d8bec92de21/ask?utm_source=github) [![Join Discord](https://img.shields.io/badge/join-5865F2?logo=discord&logoColor=white&label=)](https://go.dosu.dev/discord-bot) [![Share on X](https://img.shields.io/badge/X-share-black)](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/better-auth/better-auth/issues/3837)

GiteaMirror commented

2026-04-13 05:25:17 -05:00

@himself65 commented on GitHub (Aug 7, 2025):

maybe related: https://github.com/better-auth/better-auth/issues/1006

@himself65 commented on GitHub (Aug 7, 2025): maybe related: https://github.com/better-auth/better-auth/issues/1006

GiteaMirror commented

2026-04-13 05:25:17 -05:00

@issam-seghir commented on GitHub (Aug 7, 2025):

discussion #3860

@issam-seghir commented on GitHub (Aug 7, 2025): [discussion #3860](https://github.com/better-auth/better-auth/discussions/3860)

GiteaMirror commented

2026-04-13 05:25:18 -05:00

@dosubot[bot] commented on GitHub (Nov 6, 2025):

Hi, @dnil-io. I'm Dosu, and I'm helping the better-auth team manage their backlog and am marking this issue as stale.

Issue Summary:

You reported that calling setActiveOrganization via authClient.organization.setActive does not update the useSession() React hook automatically.
useActiveOrganization updates correctly but triggers an extra network request.
The core limitation is that useSession() only updates on session refetch, not automatically after setActiveOrganization.
The recommended workaround is to manually call refetch() from useSession() after setActiveOrganization to keep state in sync.
You requested clearer documentation on this behavior, and the discussion also touched on potential reactivity issues when mixing destructured and direct auth client methods (#1006).

Next Steps:

Please confirm if this issue is still relevant with the latest version of better-auth; if so, feel free to keep the discussion open by commenting here.
Otherwise, I will automatically close this issue in 7 days.

Thanks for your understanding and contribution!

@dosubot[bot] commented on GitHub (Nov 6, 2025): Hi, @dnil-io. I'm [Dosu](https://dosu.dev), and I'm helping the better-auth team manage their backlog and am marking this issue as stale. **Issue Summary:** - You reported that calling `setActiveOrganization` via `authClient.organization.setActive` does not update the `useSession()` React hook automatically. - `useActiveOrganization` updates correctly but triggers an extra network request. - The core limitation is that `useSession()` only updates on session refetch, not automatically after `setActiveOrganization`. - The recommended workaround is to manually call `refetch()` from `useSession()` after `setActiveOrganization` to keep state in sync. - You requested clearer documentation on this behavior, and the discussion also touched on potential reactivity issues when mixing destructured and direct auth client methods (#1006). **Next Steps:** - Please confirm if this issue is still relevant with the latest version of better-auth; if so, feel free to keep the discussion open by commenting here. - Otherwise, I will automatically close this issue in 7 days. Thanks for your understanding and contribution!

Sign in to join this conversation.

Branches Tags

2026-05-22/chore/adopt-agents-md

2026-05-22/refactor/string-case-utils

dependabot/npm_and_yarn/uuid-14.0.0

dependabot/npm_and_yarn/turbo-2.9.14

changeset-release/main

main

2026-05-14/fix/passkey-verify-error-and-claim

dependabot/npm_and_yarn/samlify-2.13.0

dependabot/npm_and_yarn/ws-8.20.1

changeset-release/next

dependabot/npm_and_yarn/demo/electron/demo-minor-patch-519ef7475f

dependabot/github_actions/github-actions-98f3470200

client-assertions-main

2026-05-15/ci/fix-sqlite-abi-mismatch

2026-05-15/fix/organization-team-add-cascade

2026-05-15/fix/parse-set-cookie-value-validation

2026-05-13/feat/captcha-wildcard-endpoints

2026-05-13/ci/stabilize-docker-startup

fix/i18n-before-hook-translation

fix/disable-migration-generate

2026-05-07/fix/admin-set-password-upsert

2026-05-10/fix/cookie-drain-order

2026-05-10/feat/hooks-finally

2026-05-09/fix/cookie-drain-order

2026-05-09/feat/hooks-finally

2026-05-08/feat/register-before-send

fix/stripe/subscription-data-merge

2026-05-01/chore/pnpm-v11-harden

chore/pnpm-v11

2026-04-29/feat/google-include-granted-scopes

2026-04-29/fix/oauth-account-scope-semantics

2026-04-27/fix/nextcookies-idempotent-writes

2026-04-26/fix/harden-proxy-host-validation

2026-04-26/refactor/stripe-callback-signature-cleanup

2026-04-26/fix/stripe-subscription-callback-timing

2026-04-11/fix/sveltekit-app-modules

feat/open-api-zod-contract

feat/oauth-provider-backchannel-logout-next

feat/oauth-idp-initiated-bounce

refactor/sign-in-challenges

2026-04-21/fix/oauth-rfc-input-validation

fix/release-notes-new-packages

fix/two-factor-identity-guard

fix/resource

feat/emailpassword-authorize

2026-04-12/security/dynamic-baseurl-proxy-trust-default

feat/oauth-provider-at-hash-v2

fix/release-grep-fallback

claude/address-review-comments-JhFLr

claude/slack-update-stripe-docs-consistency-8Sc0w

feat/async-auth

fix/two-factor-totp-verified-enrollment

feat/plugin-ui

codex/blog-1-6-release-post

2026-04-06/fix/type-any-guards

2026-04-05/chore/downgrade-better-call

2026-04-04/ci/skip-vercel-fork-prs

2026-03-28/ci/add-autofix-ci

chore/release-preview-script

himself65/2026/02/19/role

2026-03-24/fix/update-user-info-on-link

2026-03-20/docs/improve-website

2026-03-20/fix/anonymous-onlinkaccount-expo

2026-02-17/fix/anonymous-link-state

fix/8607-saml-inresponseto

fix/8549-scim-patch-noop

v1.4.x

refactor/migration-snapshot-tests

worktree-magic-link-additional-data

chore/migrate-build-to-rollup

worktree-fix-dynamic-baseurl-8447

2026-03-06/chore/public-api-check

fix/close-8156-regression-test

fix/secondary-storage-json-error-handling

himself65/verification-namespace

cursor/issue-8307-validation-79a3

himself65/2026/01/30/error-mdx

v1.4.x-staging

fix/email-otp-user

fix/restrict-full-organization-access-roles

himself65/2026/02/12/count

himself65/2026/02/04/define-plugin

2026-02-04/feat/add-pluralize

cursor/better-auth-js-integration-ec21

cursor/expo-state-mismatch-394c

2026-02-01/fix/org-update-role-sync-members

cursor/issue-7607-investigation-e146

cursor/email-generation-helper-0ff6

himself65/2026/01/21/avoid-spread-operator

himself65/2026/01/14/cli

claude/slack-add-docs-pr-NMvgO

claude/slack-add-advanced-useplural-WHKYL

feat/hooks-pos

feat/2fa-phone

feat/2fa

fix/rotation

fix/username-check

v1.3.x

refactor/organization

feat/multiple-client-ids-social-providers

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/better-auth#9738