can't get set cookies from middleware in page.jsx

Unanswered

Pteromalid wasp posted this in #help-forum

Pteromalid waspOP

2025-02-10T17:54:15.823Z

trying to set an 'x-session-state' = expired cookie so i can show a toast once the session is expired however i'm unable to get that cookie in my page.jsx, it just shows null

middleware:

export async function middleware(request) {
    ...
    if (sessionCookie) {
        const { data, error } = await verifySession()
        // invalid/expired session - redirect to /auth, add x-session-state = expired to headers
        if (error) {
            console.log(`[middleware] - invalid/expired session: ${error}`);
            const response = NextResponse.redirect(new URL('/auth', request.url))
            // response.headers.set('x-session-state', 'expired')
            response.cookies.set('x-session-state', 'expired', {
                httpOnly: true,
                secure: process.env.NODE_ENV === 'production'
            });
            console.log(`[middleware] - INVALID SESSION RESPONSE COOKIES: ${response.cookies}`);
            return response
        }
...

page.jsx:

export default async function Home() {
    // const requestHeaders = await headers();
    // const sessionState = requestHeaders.get('x-session-state') || null
    // console.log(`[Home] - sessionState: ${sessionState}`);
    // const { data } = sessionState !== 'expired' ? await getApiAccountData() : { data: null };
    // // const { data } = sessionState !== 'expired' && sessionState !== null ? await getApiAccountData() : { data: null };
    // console.log(`[Home] - userData: ${data}`);

    const requestCookies = await cookies()
    const sessionStateCookie = requestCookies.get('x-session-state')?.value || null
    console.log(`[Home] - sessionStateCookie: ${sessionStateCookie}`);

    return (
        <>
            <AuthWrapper sessionState={sessionStateCookie}>
                <p>home</p>
            </AuthWrapper>
        </>
    );
}

tried setting it as a header at first but can't get them from redirect so trying with cookies, still can't get it...

14 Replies

@Pteromalid wasp trying to set an 'x-session-state' = expired cookie so i can show a toast once the session is expired however i'm unable to get that cookie in my page.jsx, it just shows null middleware: jsx export async function middleware(request) { ... if (sessionCookie) { const { data, error } = await verifySession() // invalid/expired session - redirect to /auth, add x-session-state = expired to headers if (error) { console.log(`[middleware] - invalid/expired session: ${error}`); const response = NextResponse.redirect(new URL('/auth', request.url)) // response.headers.set('x-session-state', 'expired') response.cookies.set('x-session-state', 'expired', { httpOnly: true, secure: process.env.NODE_ENV === 'production' }); console.log(`[middleware] - INVALID SESSION RESPONSE COOKIES: ${response.cookies}`); return response } ... page.jsx: jsx export default async function Home() { // const requestHeaders = await headers(); // const sessionState = requestHeaders.get('x-session-state') || null // console.log(`[Home] - sessionState: ${sessionState}`); // const { data } = sessionState !== 'expired' ? await getApiAccountData() : { data: null }; // // const { data } = sessionState !== 'expired' && sessionState !== null ? await getApiAccountData() : { data: null }; // console.log(`[Home] - userData: ${data}`); const requestCookies = await cookies() const sessionStateCookie = requestCookies.get('x-session-state')?.value || null console.log(`[Home] - sessionStateCookie: ${sessionStateCookie}`); return ( <> <AuthWrapper sessionState={sessionStateCookie}> <p>home</p> </AuthWrapper> </> ); } tried setting it as a header at first but can't get them from redirect so trying with cookies, still can't get it...

Japanese flying squid

2025-02-10T18:25:00.380Z

when sending code in discord do it like this its much easier to read for others

tsx stands for the programming extension you can use jsx

Japanese flying squid

2025-02-10T18:39:15.043Z

so the problem is sessionStateCookie in your page.tsx is null and not the value it should be right?

@Japanese flying squid so the problem is sessionStateCookie in your page.tsx is null and not the value it should be right?

Pteromalid waspOP

2025-02-10T18:40:39.139Z

yes, i originally tried to set it in the response headers but that doesn't persist for redirects and i read that cookies will but that does not seem to be the case either unless i'm mistaken

Japanese flying squid

2025-02-10T18:41:18.646Z

have you tried to see in your browser if the cookie exist?

Pteromalid waspOP

2025-02-10T18:46:58.958Z

don't see it

Japanese flying squid

2025-02-10T18:48:30.552Z

do you get the console.log([middleware] - invalid/expired session: ${error}); when opening the site

Pteromalid waspOP

2025-02-10T18:53:13.449Z

yes

"GET /api/auth/verify_session HTTP/1.1" 401 -
[verifySession] - error: [object Object], session invalid/expired, deleting cookie
[middleware] - invalid/expired session: User is not authenticated.
[middleware] - request url: http://localhost:3000/auth
[middleware] - referer: http://localhost:3000/
 ✓ Compiled /auth in 213ms (736 modules)
[Auth] - sessionStateCookie: null
[Auth] - sessionStateHeader: null

Japanese flying squid

2025-02-10T18:58:08.393Z

mhmm this is weird

idk wait for a helper

Pteromalid waspOP

2025-02-10T19:08:28.301Z

i'm wondering if it has to do with the redirect? like should i not be setting a cookie in the response?

Pteromalid waspOP

2025-02-10T19:50:26.472Z

if i remove the redirect in middleware and just do NextResponse.next() and then add the cookie in the response i can get the cookie in page.jsx

const response = NextResponse.next()
response.cookies.set('x-session-state', 'expired', {
                httpOnly: true,
                secure: process.env.NODE_ENV === 'production',
                path: '/'
                // sameSite: 'lax'
            });
            return response

"GET /api/auth/verify_session HTTP/1.1" 401 -
[verifySession] - error: [object Object], session invalid/expired, deleting cookie
[middleware] - invalid/expired session: User is not authenticated.
[Home] - sessionStateCookie: expired

why am i not able to do that for the redirect in the middleware though?

Japanese flying squid

2025-02-10T20:11:04.139Z

if the middleware is triggered in /auth too it could end in too many redirects because if session expired redirect to /auth and set cookie even tho you will arive in /auth it will redirect again this could be a problem too

Pteromalid waspOP

2025-02-10T20:45:03.922Z

Once the session expires it deletes the cookie in the middleware verify session call so on redirect to /auth nothing in the middleware would execute since there’s no session token. Idk I don’t see how that causes multiple redirects