useSession().update() does not update req.auth in middleware

[0-Sandy]

Environment

  System:
    OS: Windows 11 10.0.26100
    CPU: (12) x64 AMD Ryzen 5 4600G with Radeon Graphics
    Memory: 3.47 GB / 15.37 GB
  Binaries:
    Node: 22.17.0 - C:\Program Files\nodejs\node.EXE
    npm: 10.9.2 - C:\Program Files\nodejs\npm.CMD
    pnpm: 10.15.0 - ~\AppData\Local\pnpm\pnpm.EXE
  Browsers:
    Edge: Chromium (139.0.3405.125)
    Internet Explorer: 11.0.26100.1882
  npmPackages:
    @auth/prisma-adapter: ^1.0.14 => 1.6.0
    next: 15.5.0 => 15.5.0
    next-auth: 5.0.0-beta.29 => 5.0.0-beta.29
    react: 19.1.1 => 19.1.1

Reproduction URL

https://github.com/0-Sandy/recursos-sanignacio

Describe the issue

In my project, I need users who sign in with OAuth to set a role after signing in. I have middleware that checks req.auth.user.role and redirects users to a "complete profile" page until they choose a role.

However, calling update() from useSession() does not update req.auth on the middleware, so the middleware continues to redirect the user even after the role is set.

Is there a recommended way to refresh or update req.auth in middleware, so he sees the new role immediately?

How to reproduce

1. Setup project

   • Clone the repository and install dependencies:

     npm install

   • Set up the database with Prisma:

     npx prisma db push
     npx prisma generate

   • Configure environment variables for Google OAuth and NextAuth.

2. Start the development server

   npm run dev
   

3. Sign in with OAuth (Google)

   • Log in with a Google account that does not have a role yet.
   • The middleware should redirect to /complete-profile because req.auth.user.role === null.

4. Complete the profile form

   • Select a role (STUDENT, TEACHER or ADMIN) and submit.
   • The API successfully updates the user’s role in the database.

5. Observe the bug

   • The middleware continues to redirect the user to /complete-profile.
   • req.auth.user.role is still null in the middleware, even though the database is updated.
   • Calling useSession().update() on the client does not refresh req.auth.

Expected behavior

• After updating the role, the middleware should detect the new role and stop redirecting.

Actual behavior

• The middleware continues to redirect because req.auth.user.role does not reflect the updated role immediately.

[CoffeSiberian]

Same issue: when I call UPDATE from the client, the trigger always returns undefined. For now, in order for the system to be usable, I force the client to manually log in again with their credentials

[CoffeSiberian]

Update: While testing, I discovered that update requires a parameter such as a payload indicating what you want to update in the token, and you can capture it with session. If you don't pass anything, it won't work and won't give the instruction in the update trigger. Apparently, the documentation doesn't say much about this, or I'm not really understanding how to use it correctly ☕

https://authjs.dev/reference/nextjs/react#usesession
https://authjs.dev/reference/nextjs/react#sessioncontextvaluer