Cookie not set

Throwing after encrypting the refresh token causes cookie to remain unsent, breaking logins and resulting in a "bad decrypt" error, though it may be resolved with the catch block. Similar occurs when performing two server side actions consecutively.