Diagnosing Missing Cookies in Nuxt SSR Server Context

The first ten minutes — establish facts before touching code.

• 1Add a console.log(JSON.stringify(req.headers)) at the top of serverMiddleware/index.js to check if cookies are present in headers.
• 2Use curl -I 'https://your-app.com' -H 'Cookie: test=1' and verify if your middleware logs show the test cookie.
• 3On the server, inspect incoming headers using tcpdump: sudo tcpdump -A -i any port 443 | grep -i cookie
• 4Double-check NGINX/Cloudflare/ELB config for proxy_set_header Cookie $http_cookie;
• 5Temporarily hardcode a set-cookie header in serverMiddleware and see if the browser receives it in SSR responses.
• 6Use req.cookies vs. req.headers.cookie depending on library (cookieparser, cookie-universal-nuxt, etc.)

The specific files, logs, configs, and dashboards that usually own this bug.

• searchserverMiddleware/index.js and any custom API endpoints in /api/
• searchnuxt.config.js for serverMiddleware and SSR config
• searchauth module config (e.g., @nuxtjs/auth, @nuxt/auth-next)
• searchReverse proxy configs: NGINX, Apache, AWS ALB rules
• searchBrowser DevTools Network tab (check requests to your SSR entrypoint for Cookie headers)
• searchAny custom server (express/fastify) setup wrapping Nuxt

Practical causes, not theory. These are the things you will actually find.

• warningProxy not forwarding Cookie header (common with NGINX and Cloudflare default configs)
• warningUsing window or document.cookie in SSR context instead of req.headers.cookie
• warningForgetting to register cookie-parser or universal-cookie module in Nuxt serverMiddleware
• warningCookie flagged as HttpOnly and then attempting to read it client-side only
• warningWrong path/domain attributes on set-cookie (cookie not sent on SSR request path)
• warningMixing SPA and SSR modes, causing store/state hydration mismatch

Concrete fix directions. Pick the one that matches your root cause.

• buildExplicitly forward Cookie headers in all proxy layers (e.g., proxy_set_header Cookie $http_cookie; in NGINX)
• buildSwitch all SSR cookie reads to rely on req.headers.cookie or context.app.$cookies from universal-cookie module
• buildIf using serverMiddleware, always parse cookies with cookieparser: app.use(cookieParser());
• buildUpdate nuxt.config.js to ensure serverMiddleware runs before any SSR-rendered route
• buildFor session cookies, set SameSite=Lax and check Path/Domain matches SSR entrypoint
• buildIn nuxtServerInit, always check if process.server && !!context.req before reading cookies

A fix you cannot prove is a guess. Close the loop.

• verifiedLog headers in serverMiddleware and verify cookies arrive on every SSR-rendered request
• verifiedSSR-rendered pages reflect logged-in state or session from cookie (not just after hydration)
• verifiedTest logins from incognito and ensure SSR state initializes from cookies every time
• verifiedBrowser DevTools shows Set-Cookie and Cookie headers present in both requests and responses
• verifiedReload SSR page, inspect store, and confirm it matches expected cookie-derived state
• verifiedWrite an integration test using supertest to check cookie handoff in /api and SSR

Things that make this bug worse or harder to find.

• warningDo not rely on client-side cookie libraries (like js-cookie) for SSR logic
• warningNever assume cookies are always present; always check for undefined in SSR context
• warningDon’t trust that your cloud proxy is forwarding all headers unless you verify (esp. Cloudflare, AWS ALB)
• warningAvoid reading cookies in asyncData/fetch without confirming process.server and context.req
• warningDon’t mix SPA mode and SSR mode configuration in the same Nuxt deployment
• warningNever set cookies with mismatched Domain, Path, or SameSite attributes

Frequently asked questions