Allow cookies to be set anywhere within a Server Action call stack

[davezuch]

Goals

1. Allow cookies().set(...) to succeed when called from any helper, service, or library function within the call stack of a Server Action
2. Eliminate repetitive boilerplate resulting from session writes being forced to top-level Server Action functions
3. Keep session and cookie logic fully decoupled and encapsulated inside domain or infrastructure libraries, without leaking framework-specific calls into business code

Non-Goals

No response

Background

Next.js 15 enforces that cookies().set(....) only succeeds in the direct scope of a Server Action (or Route Handler, but that's separate from my use-case). Any deeper call, regardless of whether it originates from a Server Action, is rejected with the error:

Cookies can only be modified in a Server Action or Route Handler.

In many real-world architectural patterns, session or cookie management is often encapsulated in reusable libraries or service layers. E.g. authentication logic, session helpers, or dependency-injection frameworks may call cookies().set several abstraction layers down. Under the current restriction, those calls fail at runtime, forcing developers to rewrite those abstractions to somehow lift every cookie write back into each Server Action, which would break encapsulation, create repetitive boilerplate, and tightly couple domain code to framework details.

Proposal

• Deep-stack detection
  Once a Server Action begins execution, allow any nested cookies().set(...) invocation in that call graph to succeed
• Config flag fallback
  Alternatively, a much easier solution would be to allow developers to opt-out of this cookie write restriction by adding a flag to next.config.js

[davezuch]

It seems the behavior I was experiencing was due to some weird async behavior, after refactoring the async flow, it seems setting the cookie deeper in the server action call chain now works, so closing this for now.