i'm following nextjs docs for authentication.

the first image contains my login form which sends a request to my backend and receives a jwt token back.

second image contains app/auth/sessions.ts code which i got from the docs. when i try to create a session from my login code with await createSession(token); i get this error:

  × You're importing a component that needs server-only. That only works in a Server Component but one of its parents is marked with "use client", so it's a Client Component.

i understand what this error means, but how can i set my jwt token in cookies and then verify it on a protected route?