NextAuth Session Not Persisting After Refresh
NextAuth sessions don't persist after page refresh or browser restart. Users are logged out when they refresh, despite having valid tokens. Session data is lost.
Session persistence fails when session adapter isn't configured, JWT expires immediately, or cookie settings don't allow persistence.
Error Messages You Might See
Common Causes
- No session adapter configured (defaults to JWT, not persisted in database)
- JWT maxAge set too low or 0, expiring immediately
- Session cookie sameSite: 'Lax' blocking cross-site persistence
- Database session table not created or inaccessible
- Cookie secure flag preventing HTTP localhost testing
How to Fix It
Add session adapter: For persistent sessions, use database adapter:adapter: PrismaAdapter(prisma),
session: { strategy: 'database' }
Or extend JWT: If using JWT, increase maxAge and set callbacks:jwt: { maxAge: 30 * 24 * 60 * 60 }, // 30 days
Check cookie settings: Ensure sameSite: 'Lax' or 'None', secure only in production (HTTPS).
Test with /api/auth/session: Call this route to verify session is persisted. Should return user object after login.
Real developers can help you.
Pratik
SWE with 15+ years of experience building and maintaining web apps and extensive BE infrastructure
Anthony Akpan
Developer with 8 years of experience building softwares fro startups
legrab
I'll fill this later
Matthew Jordan
I've been working at a large software company named Kainos for 2 years, and mainly specialise in Platform Engineering. I regularly enjoy working on software products outside of work, and I'm a huge fan of game development using Unity. I personally enjoy Python & C# in my spare time, but I also specialise in multiple different platform-related technologies from my day job.
Jen Jacobsen
I’m a Full-Stack Developer with over 10 years of experience building modern web and mobile applications. I enjoy working across the full product lifecycle — turning ideas into real, well-built products that are intuitive for users and scalable for businesses.
I particularly enjoy building mobile apps, modern web platforms, and solving complex technical problems in a way that keeps systems clean, reliable, and easy to maintain.
MFox
Full-stack professional senior engineer (15+years). Extensive experience in software development, qa, and IP networking.
Bastien Labelle
Full stack dev w/ 20+ years of experience
Nam Tran
10 years as fullstack developer
zipking
I am a technologist and product builder dedicated to creating high-impact solutions at the intersection of AI and specialized markets. Currently, I am focused on PropScan (EstateGuard), an AI-driven SaaS platform tailored for the Japanese real estate industry, and exploring the potential of Archify.
As an INFJ-T, I approach development with a "systems-thinking" mindset—balancing technical precision with a deep understanding of user needs. I particularly enjoy the challenge of architecting Vertical AI SaaS and optimizing Small Language Models (SLMs) to solve specific, real-world business problems. Whether I'm in a CTO-level leadership role or hands-on with the code, I thrive on building tools that turn complex data into actionable value.
rayush33
JavaScript (React.js, React Native, Node.js) Developer with demonstrated industry experience of 4+ years, actively looking for opportunities to hone my skills as well as help small-scale business owners with solutions to technical problems
You don't need to be technical. Just describe what's wrong and a verified developer will handle the rest.
Get HelpFrequently Asked Questions
Should I use JWT or database sessions?
JWT: stateless, scalable, good for APIs. Database: stateful, can revoke instantly, better for web apps. Choose based on needs.
How long should session maxAge be?
30 days is common for remember-me. 1 day for security-sensitive apps. Set in strategy-specific config.
Why is session undefined on localhost?
Check secure: false in development. Cookies won't persist with secure: true on HTTP localhost. Use conditional in config.