Better Auth cookies not saving in frontend after sign-in on Vercel deployment with Express/MongoDB
22:46 06 Sep 2025

I'm building a full-stack application using Bun, Express, Node.js, MongoDB, and Better Auth for authentication. The app works perfectly on localhost, but after deploying to Vercel, cookies are not being saved in the frontend after user sign-in, causing authentication to fail on page refresh.

  1. Cookies are not being saved in the frontend after user sign-in
  2. Frontend is not sending cookies to backend via request headers in subsequent API calls

Tech Stack:

  • Backend: Bun + Express + Better Auth + MongoDB
  • Frontend: React.js + Tailwind CSS + Better Auth Client
  • Deployment: Vercel
  • Auth Provider: GitHub OAuth

Current Configuration:

authInstance = betterAuth({
  advanced: {
    cookies: {
      session_token: {
        name: "session_token",
        attributes: {
          sameSite: "None",
          domain: "ai-test-case-iprf.vercel.app",
          path: "/",
          secure: true,
          httpOnly: false,
        },
      },
    },
  },
  database: mongodbAdapter(db),
  baseURL: process.env.BETTER_AUTH_URL,
  socialProviders: {
    github: {
      clientId: process.env.GITHUB_CLIENT_ID,
      clientSecret: process.env.GITHUB_CLIENT_SECRET,
    },
  },
  trustedOrigins: [
    process.env.FRONTEND_URL,
    process.env.BETTER_AUTH_URL,
  ],
});

Environment Variables:

  • BETTER_AUTH_URL: https://my-backend-is-differ.vercel.app
  • FRONTEND_URL: https://ai-test-case-iprf.vercel.app

Problem:

  1. Localhost: Authentication works perfectly, cookies are set and persist
  2. Production (Vercel):
    • Sign-in API call succeeds
    • User gets redirected properly
    • BUT cookies are not saved in browser
    • Page refresh loses authentication state

What I've Tried:

  1. Cookie Configuration:

    • Set sameSite: "None" and secure: true for cross-origin
    • Tried httpOnly: false to make cookies accessible
    • Set explicit domain matching my Vercel deployment

  2. CORS Configuration:

    • Added frontend URL to trustedOrigins

  3. Multiple Deployment Attempts:

    • Redeployed several times with different configurations
    • Verified environment variables are set correctly

Browser Developer Tools:

Network Tab:

  • Sign-in request: 200 OK but no Set-Cookie headers visible
  • Subsequent API calls: No Cookie header in request

Application Tab:

  • No session cookies appear after successful sign-in
  • Cookie storage remains empty

Console:

  • No CORS errors
  • No explicit cookie-related errors

Questions:

  1. Are there specific Vercel deployment configurations needed for Better Auth cookies?
  2. Should I avoid setting an explicit domain for .vercel.app deployments?
  3. Do I need additional frontend configuration to accept cross-origin cookies?
  4. Is there a Better Auth + Vercel specific setup I'm missing?
mongodb express cookies vercel better-auth