Next.js Discord

Discord Forum

Cookies can only be modified in a Server Action or Route Handler

Unanswered
Florida White posted this in #help-forum
Open in Discord
Florida WhiteOP
Hey guys, on production we are getting a lot of errors about modifing cookies. The thing is that in our whole codebase we don't have .set() for cookies or headers - we have just "get" for headers/cookies inside server actions or routes. The only place where I have cookies.delete() is inside my error-handling, when I got from parent API (our main one) I got 401 then I'm executing cookies().delete("myCookieName") to logout and redirect to main app (yes we have main app in .net and then one of the modules in Next.js). Do you have any idea? Example error, it doesn't contain any actual path to file where can be a problem

tD [Error]: Cookies can only be modified in a Server Action or Route Handler. Read more: https://nextjs.org/docs/app/api-reference/functions/cookies#cookiessetname-value-options
at Proxy.callable (C:\1.3.0-alpha.-2025.264\node_modules\next\dist\compiled\next-server\app-page.runtime.prod.js:13:13497)
at h (C:\1.3.0-alpha.-2025.264.next\server\chunks\6267.js:6:54648)
at u (C:\1.3.0-alpha.-2025.264.next\server\chunks\6267.js:6:50305)
at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
at async Promise.all (index 1)
at async G (C:\1.3.0-alpha.-2025.264.next\server\chunks\6267.js:6:48041) {
digest: '863286735'
}

4 Replies

Florida WhiteOP
and inside my route.ts files on catch I'm doing it like this
catch (error) {
return await handleRouteError(error as ResponseError | Error);
}

and then in SWR hook
import { GetAllNotesResponse } from "@app/types";
import { fetcher } from "@app/utils/axios";
import useSWR, { SWRResponse } from "swr";

type useCaseTypesParams = {
  caseId: string;
  queryParams?: string;
};

export const useGetAllCaseNotes = ({
  caseId,
  queryParams = ""
}: useCaseTypesParams): SWRResponse<GetAllNotesResponse> => {
  const url = `/api/case-notes/get-all/${caseId}${queryParams}`;
  return useSWR(url, async () => fetcher(url).then((res) => res), {
    revalidateOnFocus: false,
    refreshWhenHidden: false,
    refreshInterval: 30_000
  });
};
so basically it should be executed on server - not on client - with using route + SWR it should go back to fetcher (axios) and using interceptor on 401 I'm just using window.location.reload(), with server action permamentRedirect - just to catch on main url that I'm logged out and go back to main .net app login screen
Florida WhiteOP
bump