distant shard
on my local, the url on the browser and where server runs on is same localhost.
but on production, the url on the browser is not localhost and where server runs on is still localhost in VPC in the cloud.
If i'm failing to get cookies from the request in the middleware, is it the reason?
open groveBOT
Hi @distant shard. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
Yes, the issue you're experiencing could be related to the different environments (local vs production) and how cookies are handled in each.
In Next.js, cookies are regular headers. On a Request, they are stored in the Cookie header. On a Response they are in the Set-Cookie header. Next.js provides a convenient way to access and manipulate these cookies through the cookies extension on NextRequest and NextResponse source (https://nextjs.org/docs/pages/building-your-application/routing/middleware#using-cookies).
However, there are some known issues with cookies in Next.js, especially when it comes to different environments. For example, a cookie might be missing in server actions in production but works in development source (https://github.com/vercel/next.js/issues/50077).
Also, there's an open issue where cookies set in middleware are missing on Server Component render pass source (https://github.com/vercel/next.js/issues/49442).
One workaround suggested in the GitHub issue is to use unstable_cache(), redis, memcached etc. to share state between middleware and RSC if you must have access to the data in the flow of a single request. Alternatively, you can split the job into two requests with a redirect source (https://github.com/vercel/next.js/issues/49442).
Remember that the SameSite attribute of the cookie also plays a role in whether the cookie is sent along with the request. If SameSite is set to Strict, the cookie will only be sent if the site for the cookie matches the site currently shown in the browser's URL bar. So, if your server is running on localhost but your browser URL is different, the cookie won't be sent if SameSite is set to Strict.