How to Modify Cookies from a Next.js 14 Server Component

Learn how to Modify Cookies in a Next.js 14 Server Component easily

8 months ago—4 min read

Introduction

In Next.js 14, modifying cookies inside a Server Component is not straightforward. Since Server Components do not have access to the response object, methods like cookies().set() won’t work as expected.

This guide explains a simple workaround to modify cookies indirectly and provides secure alternatives for handling authentication cookies.

Why Can't You Modify Cookies in a Server Component?

Here’s why modifying cookies directly in a Server Component does not work:

No Access to Response Headers – Server Components don’t interact with HTTP responses, so they cannot modify cookies.
Cookies Are Read-Only in Server Components – You can read cookies using cookies(), but you cannot update them.
Only the Browser Can Modify Cookies – Since cookies are controlled by the browser, they must be modified via response headers or JavaScript.

To work around this, we need an indirect approach.

Workaround: Modify Cookies Using a Client Component

Since cookies cannot be modified directly in a Server Component, we can:

Read the cookie in a Server Component.
Modify the value on the server.
Pass the modified value to a Client Component.
Update the cookie in the browser using js-cookie.

This ensures that the cookie gets updated without breaking Next.js’s architecture.

Step 1: Read and Modify the Cookie in a Server Component

Create a Server Component that reads the cookie and passes the modified value to a Client Component.

import { cookies } from "next/headers";
import ClientComponent from "./ClientComponent";

export default async function Page() {
  // Read the cookie on the server
  const cookieStore = cookies();
  const userToken = cookieStore.get("user-token")?.value || "default-token";

  // Modify the cookie value on the server
  const updatedToken = `${userToken}-modified`;

  return (
    <div>
      <h1>Server Component</h1>
      <p>Original Cookie: {userToken}</p>
      <ClientComponent updatedToken={updatedToken} />
    </div>
  );
}

Step 2: Update the Cookie in a Client Component

Use a Client Component to update the cookie in the browser using js-cookie.

"use client";

import { useEffect } from "react";
import Cookies from "js-cookie";

export default function ClientComponent({ updatedToken }: { updatedToken: string }) {
  useEffect(() => {
    // Set the updated cookie in the browser
    Cookies.set("user-token", updatedToken, { path: "/" });
  }, [updatedToken]);

  return (
    <div>
      <h2>Client Component</h2>
      <p>New Token Set in Browser: {updatedToken}</p>
    </div>
  );
}

Now, when the Client Component mounts, it updates the cookie in the browser.

Downsides of This Approach

While this method works, it has some limitations:

No HTTP-Only Cookies – Cookies set with js-cookie can be accessed by JavaScript, making them unsuitable for authentication.
Security Risks – Client-side cookies are vulnerable to XSS attacks.
Delayed Cookie Updates – Cookies are only updated after the Client Component mounts.

If security is a concern, consider using a more secure method.

Secure Alternatives for HTTP-Only Cookies

For secure authentication, use API routes or Server Actions instead of js-cookie.

Option 1: Use an API Route to Set Secure Cookies

This method sets an HTTP-only cookie in the response headers.

import { NextResponse } from "next/server";

export async function GET() {
  const response = new NextResponse("Cookie Set", { status: 200 });

  response.cookies.set("user-token", "123456", {
    httpOnly: true,
    secure: true,
    path: "/",
  });

  return response;
}

✅ Secure: The cookie is HTTP-only and cannot be accessed by JavaScript.
❌ Requires an API call to update cookies.

Option 2: Use Server Actions (Experimental)

Next.js Server Actions allow modifying cookies directly on the server.

"use server";

import { cookies } from "next/headers";
import { redirect } from "next/navigation";

export async function setUserCookie() {
  cookies().set("user-token", "abcdef", { httpOnly: true, secure: true });
  redirect("/dashboard"); // Redirect after setting the cookie
}

✅ Secure: Does not require client-side JavaScript.
❌ Experimental: This feature may change in future Next.js updates.

Conclusion

If you don’t need HTTP-only cookies, the Client Component workaround can help update cookies indirectly. However, for secure authentication, use an API route or Server Actions to set HTTP-only cookies.

Choose the best method based on your security and performance needs.

Web Development

#nextjs

#server component

#modify cookie

How to Modify Cookies from a Next.js 14 Server Component

Learn how to Modify Cookies in a Next.js 14 Server Component easily

Introduction

Why Can't You Modify Cookies in a Server Component?

Workaround: Modify Cookies Using a Client Component

Step 1: Read and Modify the Cookie in a Server Component

Step 2: Update the Cookie in a Client Component

Downsides of This Approach

Secure Alternatives for HTTP-Only Cookies

Option 1: Use an API Route to Set Secure Cookies

Option 2: Use Server Actions (Experimental)

Conclusion

Implementing Markup Schema JSON-LD in Next.js for SEO Optimization

Learn how to implement Markup Schema in Next.js using JSON-LD to improve SEO and enhance search engine visibility. Step-by-step guide with examples.

How to implement CUID2 in Next.js 14/15 with Drizzle ORM & Mongoose

Ready to take your Next.js app to the next level? 🚀 Learn how to implement CUID2, Drizzle ORM, and Mongoose for a seamless experience in Next.js14/15. Say goodbye to traditional routing and hello to efficiency! #Nextjs #CUID2 #DrizzleORM #Mongoose

How to Send Emails from a Custom Domain in Node.js (Express.js) with Resend

Learn how to send emails from a custom domain like [email protected] using Express.js and Resend. This step-by-step guide covers setup, API integration, and sending emails efficiently with code examples.

Exploring the Serenity of Panchpokhari Lake: A Four-Day Trekking Expedition

Embark on a mesmerizing four-day trek to Panchpokhari Lake in Nepal's Sindupalchowk district. Explore rugged terrain and witness breathtaking snow-covered landscapes. Discover the spiritual allure of this hidden gem with me as your guide.

Implementing JWE Authentication in Node.js(Express.js): A Secure Alternative to JWT

Learn how to implement JWE authentication in Express.js and understand why JWE is a secure alternative to JWT for handling sensitive data in web applications.

Annapurna Base Camp Trek: A Journey Through Nature's Paradise

Discover the breathtaking Annapurna Base Camp trek, a journey through dense forests, rugged trails, and towering Himalayan peaks. Immerse yourself in Nepal's stunning landscapes, rich culture, and an unforgettable adventure. Read my full journey.

Artificial Intelligence: Recomendation System

AI or Artificial Intelligence is the basis for the imitation of human intelligence by developing and using algorithms designed into a complex computer environment. In simple words, AI is trying to make computer think and act like humans.

Information Systems and Database

Information System is basically a computer-based system that involves in collecting, storing and processing data in an organized way. Databases are the well-organized collection of data.