Setting server side cookies with next.js and nest.js – Blancer.com Tutorials and projects

I am making a small application using Next.js and Nest.js. I’m making a /login call in my client and the server should return an HttpOnly Cookie. Then if the response is OK we redirect to the homepage, which requires the user to be authenticated. I think I have done this correctly but I’m not sure if I’m missing something as I can see the cookie in my network request’s response headers’. I was assuming that the cookie would be present in the request headers in my middleware, but without manually setting the cookie, none of this works.
Another reason I think I did this wrong is because in my browser’s console after logging in, if I write document.cookie; I can see the cookie.

Server:

  @Public()
  @HttpCode(HttpStatus.OK)
  @Post('signIn')
  async signIn(@Body() signInDto: SignInDto, @Res() response: Response) {
    const { access_token, role } = await this.authService.signIn(
      signInDto.username,
      signInDto.password,
    );
    response.cookie('jwt', access_token, {
      sameSite: 'lax',
      path: '/',
      secure: false,
      httpOnly: true,
    });
    response.send({ message: 'Authenciation Successful', role });
  }

Client:

const LoginPage = () => {
  // should we move this out to an api folder?
  async function handleSubmit(e: FormData) {
    "use server";

    // const formData = new FormData(e.get);
    const username = e.get("username");
    const password = e.get("password");

    const response = await fetch("http://localhost:8080/auth/signIn", {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      credentials: "include",
      body: JSON.stringify({ username, password }),
    });
    console.log("response in cookie ", response.headers.get("Set-Cookie"));
// without this I cannot see the cookie in the browser nor can I make the call on my homepage
    const setCookieHeader = response.headers.get("Set-Cookie");
    if (setCookieHeader) {
      const jwtToken = setCookieHeader.split(";")[0].split("=")[1];
      console.log("JWT Token:", jwtToken);
      cookies().set({ name: "jwt", value: jwtToken, secure: true, path: "/" });
    }

    // if (!response.ok) doesn't work investigate
    if (!response.ok) {
      console.log("Invalid username or password");
      // how can we display an error here without state?
      return;
    }

    // redirect to homepage on success
    redirect("/");
  }