I have frontend on Nextjs 14 app router and a backend in nodejs, that set http only jwt cookie in header when the user login to the app. Then I have a function getMe() in the middleware, that gets the profile info. If http only is set correctly, getMe() send a response type success, if is not, it gives failure. Then I check, if it is success, the user can access to his profile, if is not, middleware must redirect him to the sign-in page.