Proper guide to implement NextJS authentication?

[siamahnaf]

Hello, I read the nextjs authentication docs creating session, middleware session check (We need to prevent database check here), and use data access layer for checking. I understand everything.

But I am not getting any information about update session or refreshing session. But I find a small things on their docs-

https://nextjs.org/docs/app/building-your-application/authentication#updating-or-refreshing-sessions

Here they give a function like-

import 'server-only'
import { cookies } from 'next/headers'
import { decrypt } from '@/app/lib/session'
 
export async function updateSession() {
  const session = (await cookies()).get('session')?.value
  const payload = await decrypt(session)
 
  if (!session || !payload) {
    return null
  }
 
  const expires = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000)
 
  const cookieStore = await cookies()
  cookieStore.set('session', session, {
    httpOnly: true,
    secure: true,
    expires: expires,
    sameSite: 'lax',
    path: '/',
  })
}

But I am not understanding from where I need to call this function.

If I call it from middleware, server-action, and or route-handler it should work. But it should not work from Server Component.

So an api call from server-component which one verify session and find that session is expired, then what will be happen?

Please give me some suggestions here, Please help me?