I think your issue here is the path of that cookie.
As in, the protected route you are calling is /dashboard but your cookie has the path /authentication/*, so the middleware doesn't get it since it's an RSC? Maybe?
I have the same issue, thinking that it's the http-only part, but I have another cookie that isn't http-only with the path /api/* and it doesn't appear on my frontend either. The only cookie that works on the middleware is my session_id, with the path / and http-only being true. This being the case, you might need your cookie to be an empty path to work properly if the routes don't match.
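
The path scoping discussed above, as an added example that is not part of the original post: it implements the path-match rule from RFC 6265 section 5.1.4 and lists which cookies a request to a given route would carry. The cookie names `auth_token` and `api_pref`, the host `app.example`, and the jar contents are constructed for illustration; the paths are written as the plain prefixes `/authentication` and `/api`, since the Path attribute has no wildcard syntax.

```javascript
// RFC 6265 section 5.1.4 path-match: does a cookie's Path cover a request path?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts on a "/" boundary, so /api does not cover /apiary.
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Constructed cookie jar modelled on the cookies described in the post.
const jar = [
  { name: "session_id", path: "/", httpOnly: true },
  { name: "auth_token", path: "/authentication", httpOnly: true }, // hypothetical name
  { name: "api_pref", path: "/api", httpOnly: false },             // hypothetical name
];

// Cookies the browser attaches to a request for `url`. This is what server-side
// code such as middleware receives; HttpOnly plays no part in this decision.
function cookiesSentTo(url, cookies = jar) {
  const { pathname } = new URL(url, "https://app.example");
  return cookies.filter((c) => pathMatches(pathname, c.path)).map((c) => c.name);
}

// Cookies readable through document.cookie on a page at `url`:
// the same path rule, minus anything flagged HttpOnly.
function cookiesVisibleToScript(url, cookies = jar) {
  const { pathname } = new URL(url, "https://app.example");
  return cookies
    .filter((c) => !c.httpOnly && pathMatches(pathname, c.path))
    .map((c) => c.name);
}

for (const route of ["/dashboard", "/authentication/login", "/api/users"]) {
  console.log(route, "request carries:", cookiesSentTo(route),
              "| script can read:", cookiesVisibleToScript(route));
}
```

Path decides whether a cookie accompanies a request at all, while HttpOnly only hides it from client-side script, so the two symptoms can be checked separately.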