From 3a480f2751f978f25713d5e1405a9b3fd656a21c Mon Sep 17 00:00:00 2001
From: "Yuito Akatsuki (Tani Yutaka)" <yuito@yuito-it.jp>
Date: Thu, 16 Oct 2025 21:17:28 +0900
Subject: [PATCH] fix: Supporting Database Strategies with Credentials Provider

---
 .../core/src/lib/actions/callback/index.ts    | 63 +++++++++++++------
 1 file changed, 43 insertions(+), 20 deletions(-)

diff --git a/packages/core/src/lib/actions/callback/index.ts b/packages/core/src/lib/actions/callback/index.ts
index d11048f7cb..579cec92c5 100644
--- a/packages/core/src/lib/actions/callback/index.ts
+++ b/packages/core/src/lib/actions/callback/index.ts
@@ -358,31 +358,54 @@ export async function callback(
         sub: user.id,
       }
 
-      const token = await callbacks.jwt({
-        token: defaultToken,
-        user,
-        account,
-        isNewUser: false,
-        trigger: "signIn",
-      })
+      // If using JWT sessions, run the jwt callback and set JWT cookies
+      if (useJwtSession) {
+        const token = await callbacks.jwt({
+          token: defaultToken,
+          user,
+          account,
+          isNewUser: false,
+          trigger: "signIn",
+        })
 
-      // Clear cookies if token is null
-      if (token === null) {
-        cookies.push(...sessionStore.clean())
-      } else {
-        const salt = options.cookies.sessionToken.name
-        // Encode token
-        const newToken = await jwt.encode({ ...jwt, token, salt })
+        // Clear cookies if token is null
+        if (token === null) {
+          cookies.push(...sessionStore.clean())
+        } else {
+          const salt = options.cookies.sessionToken.name
+          // Encode token
+          const newToken = await jwt.encode({ ...jwt, token, salt })
 
-        // Set cookie expiry date
-        const cookieExpires = new Date()
-        cookieExpires.setTime(cookieExpires.getTime() + sessionMaxAge * 1000)
+          // Set cookie expiry date
+          const cookieExpires = new Date()
+          cookieExpires.setTime(cookieExpires.getTime() + sessionMaxAge * 1000)
 
-        const sessionCookies = sessionStore.chunk(newToken, {
-          expires: cookieExpires,
+          const sessionCookies = sessionStore.chunk(newToken, {
+            expires: cookieExpires,
+          })
+
+          cookies.push(...sessionCookies)
+        }
+      } else {
+        // Non-JWT (database) sessions: create a session in the adapter and set session cookie
+        if (!adapter) {
+          throw new AuthError("Adapter is required for database sessions")
+        }
+
+        const createdSession = await adapter.createSession({
+          sessionToken: options.session.generateSessionToken(),
+          userId: user.id,
+          expires: new Date(Date.now() + sessionMaxAge * 1000),
         })
 
-        cookies.push(...sessionCookies)
+        cookies.push({
+          name: options.cookies.sessionToken.name,
+          value: createdSession.sessionToken,
+          options: {
+            ...options.cookies.sessionToken.options,
+            expires: createdSession.expires,
+          },
+        })
       }
 
       await events.signIn?.({ user, account })