Could this also be related to how the frontend handles the redirect after a successful login? I'm wondering if the server action finishes before the browser has a chance to store the cookies, especially when working in development mode without HTTPS. Has anyone seen this behavior when testing locally with Next.js server functions?