iron-session icon indicating copy to clipboard operation
iron-session copied to clipboard
verified publisher icon vvo

Cookie not being saved with Next.js 15 and Safari

Open josiahwiebe opened this issue 1 year ago • 7 comments

It seems like the change to the cookies() function in Next.js may have broken a variety of things (#840, #861, #869).

The specific issue that I've encountered is that the cookie does not get saved when using Safari (version 18.0.1). I've created a simple reproduction for the issue here: https://github.com/josiahwiebe/iron-session-next-15-safari-example

Steps to reproduce

These examples should be tested in Safari. In Chromium based browsers and Firefox, this example behaves as expected.

  1. Test the example "using iron-session". Click login, and refresh the page. Your logged-in state will not be preserved.
  2. Test the example "using iron-session seal/unseal". This is the current workaround I'm using. Your logged-in state should be preserved on refresh.

josiahwiebe avatar Nov 07 '24 22:11 josiahwiebe

Had the same issue here! Next.js kept throwing the error Cookies can only be modified in a Server Action or Route Handler. when the sameSite option was set to lax. However, changing this option to strict seemed to solve the issue. Now everything is working as expected. Don't have any clue what could cause this behaviour, but thought it might be useful information.

CasvanderGun avatar Nov 11 '24 20:11 CasvanderGun

@josiahwiebe or @CasvanderGun would you like to open a PR? It should work with 14 and 15 ideally, thanks!

vvo avatar Nov 12 '24 08:11 vvo

@CasvanderGun ~~that didn't seem work for me unfortunately.~~ never mind, I'm just a fool. setting it to strict does work – I think possibly no PR necessary.

josiahwiebe avatar Nov 12 '24 16:11 josiahwiebe

@josiahwiebe The weird thing is that this "solution" seems to be unstable. Most times it won't throw the error mentioned above, but sometimes it will, even when the sameSite option is set to strict. Also having troubles again?

@vvo Unfortunately I'm still a very unexperienced developer, so I don't know whether I would be able to add a lot of value here. Just trying to get my first app working, which is already challenging enough :)

CasvanderGun avatar Nov 12 '24 20:11 CasvanderGun

@josiahwiebe Thanks a lot for this, if you find a way to fix it open a PR. Otherwise I will have a look but in approximately 2 weeks. Thanks.

vvo avatar Nov 15 '24 11:11 vvo

In my tests with sealData/unsealData on localhost with Next.js 15.0.4 and React 19.0.0: Safari - It works (cookie is set) when the secure cookie option is explicitly set to false. Chrome - It works when the secure cookie option is explicitly set to true.

If secure is not specified at all (making it false), it works on both browsers.

santisbon avatar Dec 09 '24 07:12 santisbon

Do you have any fixes for this issue? I am also having it. In the development mode, it works fine. On Build, it only works on the same machine. All other machines don't seem to save the cookie.

AssadRajab avatar Apr 30 '25 22:04 AssadRajab