fix #12: extract session token before dot (Better Auth signed cookie)

Better Auth cookie format is 'token.signature' but DB only stores the token portion. Split on '.' to extract the actual session token.
2026-04-27 12:38:16 -07:00
parent d8eb0eef8e
commit 2e138a8364
3 changed files with 3 additions and 3 deletions
--- a/src/app/api/user/stats/route.ts
+++ b/src/app/api/user/stats/route.ts
@@ -11,7 +11,7 @@ export async function GET() {
    .split(";")
    .map((c) => c.trim())
    .find((c) => c.startsWith("__Secure-better-auth.session_token=") || c.startsWith("better-auth.session_token="));
-  const token = cookieMatch?.split("=")?.slice(1)?.join("=")?.trim();
+  const token = cookieMatch?.split("=")?.slice(1)?.join("=")?.trim().split(".")[0];
  if (!token) {
    return Response.json({ error: "Unauthorized" }, { status: 401 });
  }