Ticket #13549: csrf.diff

django/middleware/csrf.py

@@ -8 +8 @@
 import itertools
 import re
 import random
+import time
 
 from django.conf import settings
 from django.core.urlresolvers import get_callable
 from django.utils.cache import patch_vary_headers
 from django.utils.hashcompat import md5_constructor
+from django.utils.http import cookie_date
 from django.utils.safestring import mark_safe
 
 _POST_FORM_RE = \
@@ -177 +179 @@
             return response
 
         # Set the CSRF cookie even if it's already set, so we renew the expiry timer.
+        max_age = 60 * 60 * 24 * 7 * 52
         response.set_cookie(settings.CSRF_COOKIE_NAME,
-                request.META["CSRF_COOKIE"], max_age = 60 * 60 * 24 * 7 * 52,
+                request.META["CSRF_COOKIE"], max_age = max_age,
+                expires = cookie_date(time.time() + max_age),
                 domain=settings.CSRF_COOKIE_DOMAIN)
         # Content varies with the CSRF cookie, so set the Vary header.
         patch_vary_headers(response, ('Cookie',))