#Browser Cookie

In my Qwik JS + Axios + Fiber (Go) project, I’m trying to store authentication cookies (access_token & refresh_token) in the browser after a successful login.

My backend (Fiber v3) sets cookies using Set-Cookie with HttpOnly, SameSite=Lax, and AllowCredentials=true in CORS.

When I call the login API directly from a browser-side function using axios.post(..., { withCredentials: true }), the cookies are stored correctly in the browser.

However, when I perform the same request inside a Qwik routeAction$, the cookies are not stored.

So my questions are:

What is the recommended or ideal way in Qwik to perform login so that backend cookies are stored in the browser?

Should login be handled through a routeAction$, or should it always be done inside a $() function (client-side)?

If routeAction$ is preferred, how can I forward Set-Cookie headers from the backend to the browser correctly?

When you perform the request in the route action, it is being done on the server. Your browser is not involved. You could pass on the cookie header to the browser but frankly that'd be a bit weird.

Not sure what you're aiming for but if you're sending external API requests via the server I would use a session to store the cookies in, to be used by the server only.