Cookie Error #191600

lorenz-reelist8 · 2026-04-05T04:15:44Z

lorenz-reelist8
Apr 5, 2026

🏷️ Discussion Type

Question

Body

The cookie is available in the backend as httpOnly, but when I try to access it in Next.js middleware, the token is undefined.

Here’s how I set the cookie in the backend:

I generate a JWT token
Then store it using res.cookie("token", token, { httpOnly: true, secure: ..., sameSite: "strict", path: "/" })

In my Next.js middleware, I try to access it like this:

const token = req.cookies.get("token")?.value;

But it returns undefined.

Why is the cookie not accessible in middleware even though it exists in the backend? What could be causing this issue?

Guidelines

I have read and understood this category's guidelines before making this post.

Answered by Uriah08

Apr 5, 2026

This usually happens due to how cookies behave between the backend and Next.js middleware, not because your code is wrong.

Common causes:

Cookie not included in the request
If your backend and frontend are on different domains or ports, the browser will NOT send cookies by default.

Fix:
Make sure your request includes credentials:

fetch("http://localhost:5000/api/...", {
credentials: "include"
});

Also enable CORS on your backend:

Access-Control-Allow-Credentials: true

sameSite: "strict"
You are using sameSite: "strict", which blocks cookies on cross-site requests.

Fix:
Use:
sameSite: "lax"
OR
sameSite: "none" (requires secure: true)

secure: true in development
If secure is true, c…

View full answer

Uriah08 · 2026-04-05T04:16:21Z

Uriah08
Apr 5, 2026

This usually happens due to how cookies behave between the backend and Next.js middleware, not because your code is wrong.

Common causes:

Cookie not included in the request
If your backend and frontend are on different domains or ports, the browser will NOT send cookies by default.

Fix:
Make sure your request includes credentials:

fetch("http://localhost:5000/api/...", {
credentials: "include"
});

Also enable CORS on your backend:

Access-Control-Allow-Credentials: true

sameSite: "strict"
You are using sameSite: "strict", which blocks cookies on cross-site requests.

Fix:
Use:
sameSite: "lax"
OR
sameSite: "none" (requires secure: true)

secure: true in development
If secure is true, cookies only work on HTTPS.
On localhost (HTTP), the cookie will NOT be sent.

Fix:
secure: process.env.NODE_ENV === "production"

Domain mismatch
If backend is on:
http://localhost:5000
and frontend is on:
http://localhost:3000

They are treated as different origins.

Fix:
Set cookie properly or proxy requests through Next.js API routes.

Middleware runs on the edge
Next.js middleware runs before your request reaches API routes and only sees cookies that the browser actually sends.

If the cookie is not included in the request, middleware cannot read it.

Summary:
Your token is undefined because the cookie is not being sent to the middleware request. Most likely causes are:

Missing credentials: "include"
sameSite: "strict"
secure: true on localhost
Cross-origin setup

Recommended fix:

Set sameSite: "lax"
Use secure only in production
Use credentials: "include" in fetch
Ensure backend CORS allows credentials

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Community

Cookie Error #191600

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

GitHub Community

Cookie Error #191600

Uh oh!

lorenz-reelist8 Apr 5, 2026

🏷️ Discussion Type

Body

Guidelines

Replies: 1 comment

Uh oh!

Uriah08 Apr 5, 2026

lorenz-reelist8
Apr 5, 2026

Uriah08
Apr 5, 2026