/api/users/me should return early if session cookie collection mismatches #15822

@kevineinarsson

Description

Describe the Bug

With the following setup:

  • collections/Users.ts (auth: true)
  • collections/Admins.ts (auth: true)

Logged in as an "Admin" user, calling /api/users/me returns 404 (or 403, depending on the read permission)

Link to the code that reproduces this issue

https://github.com/kevineinarsson/payload-auth-reproduction

Reproduction Steps

pnpm test:e2e # Check the cross-auth.e2e.spec.ts.

Cause: src/auth/operations/me.ts

if (req.user) {
  [..]
  // The DB lookup runs first, using the session user's id against the
  // requested collection (here: users), even when the session belongs to admins
  const user = (await req.payload.findByID({
  })) as TypedUser
  [..]
  // The collection check only happens afterwards, so the mismatch is detected
  // after the query has already failed with 404/403
  if (req.user.collection !== collection.config.slug) {
    return {
      user: null!,
    }
  }

Moving the collection check first would avoid performing a DB query altogether and would avoid this being logged as an error; it's just a /me check.
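To make the ordering problem concrete, here is an added example that is not Payload's own code: a minimal model of the two orderings with a constructed in-memory store standing in for payload.findByID. The names req.user, collection.config.slug and findByID mirror the snippet above; everything else (the NotFound class, the db map, the queryLog counter, meBuggy and meFixed) is hypothetical and exists only to show that the reordered check returns { user: null } for a cross-collection session without issuing a query, while a same-collection session still resolves its document.

```typescript
// Added illustration, not Payload's code. findByID is modelled synchronously
// here so the behaviour can be checked without an async harness.

type SessionUser = { id: string; collection: string }
type CollectionConfig = { config: { slug: string } }
type Doc = { id: string }

// Stand-in for the NotFound error a missing document produces (constructed)
class NotFound extends Error {}

// Constructed in-memory "database": collection slug -> id -> document
const db: Record<string, Record<string, Doc>> = {
  users: { u1: { id: 'u1' } },
  admins: { a1: { id: 'a1' } },
}

// Records every lookup so callers can see whether a query was issued at all
const queryLog: string[] = []

// Hypothetical stand-in for req.payload.findByID: throws NotFound when the id
// does not exist in the requested collection (the 404 the issue describes)
const payload = {
  findByID(args: { collection: string; id: string }): Doc {
    queryLog.push(`${args.collection}:${args.id}`)
    const doc = db[args.collection]?.[args.id]
    if (!doc) throw new NotFound(`Not Found: ${args.collection}/${args.id}`)
    return doc
  },
}

type Req = { user: SessionUser | null }
type MeResult = { user: Doc | null }

// Order as reported: the query runs before the collection check, so an admin
// session calling /api/users/me looks up the admin id in the users collection
function meBuggy(req: Req, collection: CollectionConfig): MeResult {
  if (req.user) {
    const user = payload.findByID({ collection: collection.config.slug, id: req.user.id })
    if (req.user.collection !== collection.config.slug) {
      return { user: null }
    }
    return { user }
  }
  return { user: null }
}

// Reordered: a collection mismatch returns early and never touches the database
function meFixed(req: Req, collection: CollectionConfig): MeResult {
  if (req.user) {
    if (req.user.collection !== collection.config.slug) {
      return { user: null }
    }
    const user = payload.findByID({ collection: collection.config.slug, id: req.user.id })
    return { user }
  }
  return { user: null }
}

// Runs the cross-collection case through both orderings and reports what happened
function compareOrderings(): { buggyThrewNotFound: boolean; buggyQueries: number; fixedUser: Doc | null; fixedQueries: number } {
  const adminSession: Req = { user: { id: 'a1', collection: 'admins' } }
  const usersCollection: CollectionConfig = { config: { slug: 'users' } }

  queryLog.length = 0
  let buggyThrewNotFound = false
  try {
    meBuggy(adminSession, usersCollection)
  } catch (e) {
    buggyThrewNotFound = e instanceof NotFound
  }
  const buggyQueries = queryLog.length

  queryLog.length = 0
  const fixedUser = meFixed(adminSession, usersCollection).user
  const fixedQueries = queryLog.length

  return { buggyThrewNotFound, buggyQueries, fixedUser, fixedQueries }
}
```

Calling compareOrderings() shows the difference directly: the reported order issues one query and surfaces NotFound for the admin session, while the reordered version returns a null user with zero queries, and a users session against the users collection still resolves normally through meFixed.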

Which area(s) are affected?

area: core

Environment Info

Binaries:
  Node: 25.6.1
  npm: 11.10.1
  Yarn: N/A
  pnpm: 10.28.2
Relevant Packages:
  payload: 3.78.0
  next: 15.4.11
  @payloadcms/db-sqlite: 3.78.0
  @payloadcms/drizzle: 3.78.0
  @payloadcms/graphql: 3.78.0
  @payloadcms/next/utilities: 3.78.0
  @payloadcms/richtext-lexical: 3.78.0
  @payloadcms/translations: 3.78.0
  @payloadcms/ui/shared: 3.78.0
  react: 19.2.1
  react-dom: 19.2.1
Operating System:
  Platform: linux
  Arch: x64
  Version: #1 SMP PREEMPT_DYNAMIC Sat, 28 Feb 2026 14:31:21 +0000
  Available memory (MB): 31770
  Available CPU cores: 20
