Fixed #22242 -- Documented common cookie size limit.

author: Daniel Pyrathon <pirosb3@gmail.com> 2014-03-15 19:18:05 +0000
committer: Tim Graham <timograham@gmail.com> 2014-03-16 10:40:59 -0400
commit: 885e7adf568037b59b5642ab061133eaa00e5d7d (patch)
tree: 69627196e7fdad94f2db787591245ce738b5516e /docs/ref/request-response.txt
parent: 834d78ffc3a7eb62d55ac269f83ac0e7473662ea (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/ref/request-response.txt b/docs/ref/request-response.txt
index 3cff5c26d9..8212511f7e 100644
--- a/docs/ref/request-response.txt
+++ b/docs/ref/request-response.txt
@@ -723,6 +723,14 @@ Methods
 
     .. _HTTPOnly: https://www.owasp.org/index.php/HTTPOnly
 
+    .. warning::
+
+        Both :rfc:`2109` and :rfc:`6265` state that user agents should support
+        cookies of at least 4096 bytes. For many browsers this is also the
+        maximum size. Django will not raise an exception if there's an attempt
+        to store a cookie of more than 4096 bytes, but many browsers will not
+        set the cookie correctly.
+
 .. method:: HttpResponse.set_signed_cookie(key, value, salt='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=True)
 
     Like :meth:`~HttpResponse.set_cookie()`, but
author	Daniel Pyrathon <pirosb3@gmail.com>	2014-03-15 19:18:05 +0000
committer	Tim Graham <timograham@gmail.com>	2014-03-16 10:40:59 -0400
commit	885e7adf568037b59b5642ab061133eaa00e5d7d (patch)
tree	69627196e7fdad94f2db787591245ce738b5516e /docs/ref/request-response.txt
parent	834d78ffc3a7eb62d55ac269f83ac0e7473662ea (diff)