TanStack Start + Better Auth - Issue Reproduction

A minimal reproduction repository demonstrating an issue with Better Auth session cookies when using the reactStartCookies plugin with session-related plugins in TanStack Start.

Issue

Session token cookie not set when using reactStartCookies plugin with session-related plugins in TanStack Start

The session token cookie is not properly set in the browser when combining the reactStartCookies plugin with other session-related plugins (multiSession, lastLoginMethod, oneTap) and/or enabling session cookie cache.

See auth.ts for the configuration and inline comments describing the issue.

Prerequisites

• Bun (or Node.js 18+)
• PostgreSQL database

Setup

• Clone the repository

git clone <your-repo-url>
   cd tanstack-better-auth-test

• Install dependencies

bun install
   # or
   npm install

• Set up environment variables

Copy .env.example to .env and fill in the required values:

cp .env.example .env

Required environment variables:

• DATABASE_URL: PostgreSQL connection string

• BETTER_AUTH_SECRET: Secret key for Better Auth (minimum 32 characters)

• VITE_BASE_URL: Base URL for your app (e.g., http://localhost:3000)

• GOOGLE_CLIENT_ID: Google OAuth client ID

• GOOGLE_CLIENT_SECRET: Google OAuth client secret

• Set up Google OAuth

• Go to Google Cloud Console

• Create a new project or select an existing one

• Enable Google+ API

• Create OAuth 2.0 credentials

• Add authorized redirect URI: http://localhost:3000/api/auth/callback/google

• Copy the client ID and secret to your .env file

• Set up the database

Create a PostgreSQL database:

createdb better_auth_test

Apply the database schema using Better Auth CLI:

npx @better-auth/cli migrate
   # or
   npx drizzle-kit push

• Run the development server

bun run dev
   # or
   npm run dev

The app will be available at http://localhost:3000

Reproducing the Issue

• Start the development server
• Navigate to the authentication page
• Click "Sign in with Google"
• Complete the Google OAuth flow
• Open browser DevTools > Application > Cookies
• Expected: Session token cookie should be present
• Actual: Session token cookie is missing

Testing Different Configurations

The issue can be reproduced by uncommenting different sections in src/lib/auth.ts:

Configuration 1: All plugins enabled (current state)

• Lines 30-33: multiSession(), lastLoginMethod(), oneTap(), reactStartCookies()
• Result: ❌ Session cookie not set

Configuration 2: With session cache

• Uncomment lines 55-60 (session.cookieCache)
• Result: ❌ Session cookie not set

Configuration 3: Only reactStartCookies (workaround)

• Comment out lines 30-32 (keep only reactStartCookies())
• Result: ✅ Session cookie works

Environment

• Better Auth: v1.3.33
• TanStack Start: v1.133.34
• TanStack React Router: v1.133.32
• React: v19.2.0
• Drizzle ORM: v0.44.7
• PostgreSQL: Latest
• Runtime: Bun (or Node.js)

Project Structure

src/
├── lib/
│   ├── auth.ts          # Better Auth configuration (issue reproduction)
│   ├── db.ts            # Drizzle database instance
│   └── db/
│       └── schema.ts    # Database schema (user, session, account, verification)
└── routes/              # TanStack Start routes

Related Files

• src/lib/auth.ts - Better Auth configuration with issue documentation
• src/lib/db/schema.ts - Database schema definitions

Contributing

If you have insights or potential fixes for this issue, please feel free to open a PR or discussion.

License

MIT