Refs #33562 -- Made HttpResponse.set_cookie() raise ValueError when both "expires" and "max_age" are passed.

This fixes the case where you might pass set_cookie(expires=val, max_age=val) and max_age is silently ignored.
author: Luke Plant <L.Plant.98@cantab.net> 2022-03-04 13:05:07 +0000
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2022-03-07 08:04:18 +0100
commit: f3bf6c4218404479f7841e0af213d5db65913278 (patch)
tree: 9d49a86c58a315ca7ddb8c2082917074a04dceb3 /django/http
parent: ae2da5ba652c1a11cd88dcb119744dcecaeb03ee (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/django/http/response.py b/django/http/response.py
index 59120c8e0d..801a0c0640 100644
--- a/django/http/response.py
+++ b/django/http/response.py
@@ -244,6 +244,8 @@ class HttpResponseBase:
                 delta = delta + datetime.timedelta(seconds=1)
                 # Just set max_age - the max_age logic will set expires.
                 expires = None
+                if max_age is not None:
+                    raise ValueError("'expires' and 'max_age' can't be used together.")
                 max_age = max(0, delta.days * 86400 + delta.seconds)
             else:
                 self.cookies[key]["expires"] = expires
author	Luke Plant <L.Plant.98@cantab.net>	2022-03-04 13:05:07 +0000
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2022-03-07 08:04:18 +0100
commit	f3bf6c4218404479f7841e0af213d5db65913278 (patch)
tree	9d49a86c58a315ca7ddb8c2082917074a04dceb3 /django/http
parent	ae2da5ba652c1a11cd88dcb119744dcecaeb03ee (diff)