Better Auth RS

Sessions

Session lifecycle, token handling, and session management endpoints.

The SessionManagementPlugin provides endpoints for querying, listing, and revoking sessions. Sessions are created automatically during sign-up and sign-in.

Setup

use better_auth::plugins::SessionManagementPlugin;

let auth = BetterAuth::new(config)
    .database(database)
    .plugin(SessionManagementPlugin::new())
    .build()
    .await?;

Plugin Options

Option                      Type   Default   Description
enable_session_listing      bool   true      Allow listing all user sessions
enable_session_revocation   bool   true      Allow revoking sessions
require_authentication      bool   true      Require auth for all endpoints

Authentication Methods

Session tokens can be sent either in an Authorization header using the Bearer scheme or in a cookie:

Authorization: Bearer session_abc123...
Cookie: better-auth.session-token=session_abc123...

The cookie name is configurable via SessionConfig::cookie_name.
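The lookup described above, as an added example rather than better_auth's own implementation: headers are modelled as plain (name, value) string pairs, the cookie name passed in stands for whatever SessionConfig::cookie_name is set to, and checking the Authorization header before the Cookie header is this example's own ordering, not something the page specifies.

```rust
// Added illustration (not better_auth's code): find the session token in a
// request's headers, accepting either transport the page documents.
// Headers are modelled as (name, value) pairs; `cookie_name` is assumed to be
// whatever SessionConfig::cookie_name was set to.

/// Returns the token from `Authorization: Bearer <token>` if present, otherwise
/// the value of the named cookie in the `Cookie` header, otherwise `None`.
pub fn extract_session_token(headers: &[(&str, &str)], cookie_name: &str) -> Option<String> {
    // Header names are case-insensitive, so match them without regard to case.
    for (name, value) in headers {
        if !name.eq_ignore_ascii_case("authorization") {
            continue;
        }
        // Scheme and credential are separated by a space; the scheme itself is
        // case-insensitive. Any scheme other than Bearer (e.g. Basic) is ignored.
        let mut parts = value.trim().splitn(2, ' ');
        let scheme = parts.next().unwrap_or("");
        let token = parts.next().unwrap_or("").trim();
        if scheme.eq_ignore_ascii_case("bearer") && !token.is_empty() {
            return Some(token.to_string());
        }
    }
    for (name, value) in headers {
        if !name.eq_ignore_ascii_case("cookie") {
            continue;
        }
        // A Cookie header carries "name=value" pairs separated by "; ".
        for pair in value.split(';') {
            if let Some((k, v)) = pair.trim().split_once('=') {
                if k.trim() == cookie_name && !v.trim().is_empty() {
                    return Some(v.trim().to_string());
                }
            }
        }
    }
    None
}

fn main() {
    // Constructed sample headers, one per transport.
    let bearer = [("Authorization", "Bearer session_abc123")];
    let cookie = [("Cookie", "theme=dark; better-auth.session-token=session_abc123")];
    println!("{:?}", extract_session_token(&bearer, "better-auth.session-token"));
    println!("{:?}", extract_session_token(&cookie, "better-auth.session-token"));
}
```

A request that carries neither transport, an empty Bearer credential, or a non-Bearer scheme yields `None`, which is the case the endpoints below answer with 401.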

Get Current Session

GET /get-session
Authorization: Bearer <token>

Response

{
  "session": {
    "id": "uuid",
    "token": "session_abc123...",
    "userId": "uuid",
    "expiresAt": "2024-01-08T00:00:00Z",
    "createdAt": "2024-01-01T00:00:00Z",
    "updatedAt": "2024-01-01T00:00:00Z",
    "ipAddress": null,
    "userAgent": null
  },
  "user": {
    "id": "uuid",
    "email": "alice@example.com",
    ...
  }
}

Returns 401 if the token is missing, invalid, or expired.

Sign Out

POST /sign-out
Authorization: Bearer <token>

Revokes the current session. Returns:

{
  "success": true
}

List Sessions

GET /list-sessions
Authorization: Bearer <token>

Returns all active sessions for the authenticated user:

{
  "sessions": [
    { "id": "uuid", "token": "session_...", "createdAt": "...", ... },
    { "id": "uuid", "token": "session_...", "createdAt": "...", ... }
  ]
}

Revoke a Specific Session

POST /revoke-session
Authorization: Bearer <token>
Content-Type: application/json
{
  "token": "session_to_revoke..."
}

Returns { "success": true }.

Revoke All Sessions

POST /revoke-sessions
Authorization: Bearer <token>

Revokes all sessions for the user, including the current one:

{
  "count": 3
}

Revoke Other Sessions

POST /revoke-other-sessions
Authorization: Bearer <token>

Revokes all sessions except the current one:

{
  "count": 2
}

Session Configuration

Session behavior is configured via AuthConfig:

use std::time::Duration;

let config = AuthConfig::new("secret...")
    .session_expires_in(Duration::from_secs(7 * 24 * 3600)); // 7 days

See Configuration Options for all session settings.
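The endpoint semantics above (get-session, sign-out, list-sessions, revoke-session, revoke-sessions, revoke-other-sessions) and the expiry duration set through AuthConfig::session_expires_in, modelled together in one in-memory store. This is an added example, not better_auth's code or storage layer: tokens are generated from a counter so the run is deterministic (a real store draws them from a CSPRNG), the `SessionStore` type and its method names are this example's own, and the rule that /revoke-session only accepts a token belonging to the caller's user is an assumption of the example, not behaviour the page documents.

```rust
use std::collections::HashMap;
use std::time::{Duration, SystemTime};

// Added illustration (not better_auth's code): an in-memory model of the
// session endpoints, parameterised by the expiry duration that
// AuthConfig::session_expires_in configures. Tokens come from a counter here
// so the example is deterministic; a real store uses a CSPRNG.

pub struct Session {
    pub token: String,
    pub user_id: String,
    pub expires_at: SystemTime,
}

pub struct SessionStore {
    sessions: HashMap<String, Session>, // keyed by token
    expires_in: Duration,
    next_id: u64,
}

impl SessionStore {
    pub fn new(expires_in: Duration) -> Self {
        SessionStore { sessions: HashMap::new(), expires_in, next_id: 0 }
    }

    /// Sign-in or sign-up: create a session that expires `expires_in` after `now`.
    pub fn create(&mut self, user_id: &str, now: SystemTime) -> String {
        self.next_id += 1;
        let token = format!("session_{:016x}", self.next_id); // constructed, not random
        let session = Session {
            token: token.clone(),
            user_id: user_id.to_string(),
            expires_at: now + self.expires_in,
        };
        self.sessions.insert(token.clone(), session);
        token
    }

    /// GET /get-session: `None` is the 401 case (unknown or expired token).
    pub fn get_session(&self, token: &str, now: SystemTime) -> Option<&Session> {
        self.sessions.get(token).filter(|s| s.expires_at > now)
    }

    /// GET /list-sessions: tokens of the caller's active sessions, sorted.
    pub fn list_sessions(&self, caller: &str, now: SystemTime) -> Option<Vec<String>> {
        let user_id = self.get_session(caller, now)?.user_id.clone();
        let mut tokens: Vec<String> = self.sessions.values()
            .filter(|s| s.user_id == user_id && s.expires_at > now)
            .map(|s| s.token.clone())
            .collect();
        tokens.sort();
        Some(tokens)
    }

    /// POST /sign-out: revoke the caller's own session.
    pub fn sign_out(&mut self, caller: &str, now: SystemTime) -> bool {
        if self.get_session(caller, now).is_none() {
            return false;
        }
        self.sessions.remove(caller).is_some()
    }

    /// POST /revoke-session { token }: the target must belong to the caller's
    /// user. That ownership check is this example's assumption.
    pub fn revoke_session(&mut self, caller: &str, target: &str, now: SystemTime) -> bool {
        let user_id = match self.get_session(caller, now) {
            Some(s) => s.user_id.clone(),
            None => return false,
        };
        let owned = self.sessions.get(target).map_or(false, |s| s.user_id == user_id);
        if owned {
            self.sessions.remove(target);
        }
        owned
    }

    /// POST /revoke-sessions: drop every session of the caller's user, the
    /// current one included; returns the number of active sessions removed.
    pub fn revoke_sessions(&mut self, caller: &str, now: SystemTime) -> Option<usize> {
        let user_id = self.get_session(caller, now)?.user_id.clone();
        let active = self.active_count(&user_id, now);
        self.sessions.retain(|_, s| s.user_id != user_id);
        Some(active)
    }

    /// POST /revoke-other-sessions: like revoke_sessions but keeps the caller's own.
    pub fn revoke_other_sessions(&mut self, caller: &str, now: SystemTime) -> Option<usize> {
        let user_id = self.get_session(caller, now)?.user_id.clone();
        let active = self.active_count(&user_id, now) - 1; // caller is active, so no underflow
        self.sessions.retain(|t, s| s.user_id != user_id || t.as_str() == caller);
        Some(active)
    }

    fn active_count(&self, user_id: &str, now: SystemTime) -> usize {
        self.sessions.values().filter(|s| s.user_id == user_id && s.expires_at > now).count()
    }
}

fn main() {
    let now = SystemTime::now();
    let mut store = SessionStore::new(Duration::from_secs(7 * 24 * 3600)); // 7 days, as above
    let phone = store.create("alice", now);
    let _laptop = store.create("alice", now);
    println!("revoked other sessions: {:?}", store.revoke_other_sessions(&phone, now));
}
```

Expiry is decided at read time by comparing `expires_at` with the caller-supplied `now`, which is what makes an expired token fall into the 401 case of /get-session without a background sweep; the counts returned by the two bulk revocations only include sessions that were still active, matching the "active sessions" wording of /list-sessions.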
