For those who might have the same problem, I have figured out that I can make a reverse proxy using Next.js rewrites function.

I have created a reverse proxy like this in next.config.js

async rewrites() {
    return [
      {
        source: "/api/:path*",
        destination: `${process.env.NEXT_PUBLIC_BACKEND_URL}/:path*`,
      },
    ];
  },

then changed my cookie to be like this

res.cookie("auth_session", token, {
    httpOnly: true,
    secure: true,
    sameSite: "lax",
    maxAge: 60 * 60 * 24 * 30,
    path: "/",
})