TanStack · ulrichstark · Mar 26, 2026 · Mar 26, 2026 · Mar 29, 2026 · Mar 29, 2026
diff --git a/packages/router-core/package.json b/packages/router-core/package.json
@@ -163,7 +163,7 @@
   },
   "dependencies": {
     "@tanstack/history": "workspace:*",
-    "cookie-es": "^2.0.0",
+    "cookie-es": "^3.0.0",
     "seroval": "^1.4.2",
     "seroval-plugins": "^1.4.2"
   },

diff --git a/packages/start-server-core/package.json b/packages/start-server-core/package.json
@@ -82,13 +82,13 @@
     "@tanstack/router-core": "workspace:*",
     "@tanstack/start-client-core": "workspace:*",
     "@tanstack/start-storage-context": "workspace:*",
-    "h3-v2": "npm:h3@2.0.1-rc.16",
+    "h3": "2.0.1-rc.19",
     "seroval": "^1.4.2"
   },
   "devDependencies": {
     "@standard-schema/spec": "^1.0.0",
     "@tanstack/intent": "^0.0.14",
-    "cookie-es": "^2.0.0",
+    "cookie-es": "^3.0.0",
     "fetchdts": "^0.1.6",
     "vite": "*",
     "@types/node": ">=20"

diff --git a/packages/start-server-core/src/request-response.ts b/packages/start-server-core/src/request-response.ts
@@ -19,7 +19,7 @@ import {
   unsealSession as h3_unsealSession,
   updateSession as h3_updateSession,
   useSession as h3_useSession,
-} from 'h3-v2'
+} from 'h3'
 import type {
   RequestHeaderMap,
   RequestHeaderName,
@@ -147,8 +147,7 @@ export function getRequest(): Request {
 }
 
 export function getRequestHeaders(): TypedHeaders<RequestHeaderMap> {
-  // TODO `as any` not needed when fetchdts is updated
-  return getH3Event().req.headers as any
+  return getH3Event().req.headers
 }
 
 export function getRequestHeader(name: RequestHeaderName): string | undefined {
@@ -284,7 +283,16 @@ export function setResponseStatus(code?: number, text?: string): void {
  */
 export function getCookies(): Record<string, string> {
   const event = getH3Event()
-  return h3_parseCookies(event)
+  const cookies = h3_parseCookies(event)
+  const normalizedCookies: Record<string, string> = Object.create(null)
+
+  for (const [name, value] of Object.entries(cookies)) {
+    if (value !== undefined) {
+      normalizedCookies[name] = value
+    }
+  }
+
+  return normalizedCookies
 }
 
 /**
@@ -296,7 +304,9 @@ export function getCookies(): Record<string, string> {
  * ```
  */
 export function getCookie(name: string): string | undefined {
-  return getCookies()[name] || undefined
+  const event = getH3Event()
+  const cookies = h3_parseCookies(event)
+  return cookies[name] || undefined
-  const event = getH3Event()
-  const cookies = h3_parseCookies(event)
-  return cookies[name] || undefined
+export function getCookie(name: string): string | undefined {
+  const event = getH3Event()
+  const cookies = h3_parseCookies(event)
+  return cookies[name]
+}
-  const event = getH3Event()
-  const cookies = h3_parseCookies(event)
-  return cookies[name] || undefined
+export function getCookie(name: string): string | undefined {
+  const event = getH3Event()
+  const cookies = h3_parseCookies(event)
+  return cookies[name]
+}
 }
 
 /**

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml