Next.js: Set-Cookie with Partitioned Attribute (CHIPS)

Updated April 2026

Next.js's cookies().set() API doesn't yet support the Partitioned

App Router — raw header (recommended)

// app/api/session/route.ts
import { NextResponse } from 'next/server';

export async function POST(request: Request) {
  const response = NextResponse.json({ status: 'ok' });

  // Use headers.append for Partitioned — cookies() API doesn't support it yet
  response.headers.append(
    'Set-Cookie',
    'session=abc; SameSite=None; Secure; Partitioned; HttpOnly; Path=/; Max-Age=86400'
  );

  return response;
}

App Router — middleware (for all routes)

// middleware.ts
import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';

export function middleware(request: NextRequest) {
  const response = NextResponse.next();

  response.headers.append(
    'Set-Cookie',
    'session=abc; SameSite=None; Secure; Partitioned; HttpOnly; Path=/'
  );

  return response;
}

Pages Router

// pages/api/session.ts
import type { NextApiRequest, NextApiResponse } from 'next';

export default function handler(req: NextApiRequest, res: NextApiResponse) {
  res.setHeader('Set-Cookie',
    'session=abc; SameSite=None; Secure; Partitioned; HttpOnly; Path=/; Max-Age=86400'
  );
  res.json({ status: 'ok' });
}

Multiple cookies

// App Router — multiple Set-Cookie headers
response.headers.append('Set-Cookie',
  'session=abc; SameSite=None; Secure; Partitioned; HttpOnly; Path=/'
);
response.headers.append('Set-Cookie',
  'pref=dark; SameSite=Lax; Secure; HttpOnly; Path=/'
);

// Pages Router
res.setHeader('Set-Cookie', [
  'session=abc; SameSite=None; Secure; Partitioned; HttpOnly; Path=/',
  'pref=dark; SameSite=Lax; Secure; HttpOnly; Path=/',
]);

cookies().set() limitation: The Next.js cookies() API in App Router does not yet expose a partitioned option. Track the issue at github.com/vercel/next.js. Until it's added, use response.headers.append('Set-Cookie', ...).
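
Because the raw-header workaround bypasses the escaping that cookies().set() would do, a dynamic cookie value concatenated into the string can smuggle in extra attributes. The helper below is an added example, not code from this page or from Next.js; the names serializePartitionedCookie and PartitionedCookieOptions are assumptions, and the hostile value is a constructed sample.

```typescript
// Added example: helper names and the options shape are assumptions, not Next.js API.
interface PartitionedCookieOptions {
  path?: string;      // defaults to '/'
  maxAge?: number;    // lifetime in seconds
  httpOnly?: boolean; // defaults to true
}

// RFC 6265 cookie-name is an HTTP token: no control chars, spaces or separators.
const COOKIE_NAME = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// A ';' or control character in Path would start a new attribute or header line.
const SAFE_PATH = /^\/[^;\x00-\x1f\x7f]*$/;

function serializePartitionedCookie(
  name: string,
  value: string,
  opts: PartitionedCookieOptions = {}
): string {
  if (!COOKIE_NAME.test(name)) throw new Error('invalid cookie name');
  const path = opts.path === undefined ? '/' : opts.path;
  if (!SAFE_PATH.test(path)) throw new Error('invalid Path attribute');

  // Percent-encode the value so ';', ',', spaces and CR/LF cannot add attributes.
  const parts = [name + '=' + encodeURIComponent(value), 'Path=' + path];
  if (opts.maxAge !== undefined) {
    if (!isFinite(opts.maxAge) || Math.floor(opts.maxAge) !== opts.maxAge) {
      throw new Error('Max-Age must be an integer number of seconds');
    }
    parts.push('Max-Age=' + opts.maxAge);
  }
  // Browsers reject Partitioned without Secure; SameSite=None is what lets the
  // cookie be sent from a cross-site embed, as in the page's examples.
  parts.push('SameSite=None', 'Secure');
  if (opts.httpOnly !== false) parts.push('HttpOnly');
  parts.push('Partitioned');
  return parts.join('; ');
}

// Constructed sample: a value that would add a Domain attribute if concatenated raw.
const hostile = 'abc; Domain=example.test';
const header = serializePartitionedCookie('session', hostile, { maxAge: 86400 });
// In a route handler: response.headers.append('Set-Cookie', header);
console.log(header);
```

The receiving code must decodeURIComponent the cookie value when reading it back.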