Make sure your jwt callback properly saves the user and token data when someone logs in, and then pass that data to the session callback so it can be used in the session. Double-check that your session strategy is set to "jwt" and that your NEXTAUTH_SECRET is correctly set in your environment file. This should fix the issue!