id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
13548	'max_age' without 'expires' pitfall: IE doesn't support cookie's max-age	master	nobody	"If you want to set the lifetime of a cookie with HttpResponse.set_cookie(... max_age = something ...) without specifying expires= also, it doesn't work with IE (tested on version 8.0.6001.18702): the cookie is only there for the browser session time.

Of course, you can always specify 'expires' whenever you specify 'max_age', likely with the same information so:[[BR]]
1. It doesn't sound DRY[[BR]]
2. I only want to give 'max_age', and don't want to be bother with 'expires' - in other words, do it yourself, you can[[BR]]
3. It's so easy to forget this constraint (as for the CSRF cookie)

The proposed solution is for Django to set 'expires' when it is not but a 'max_age' is provided.
"		closed	HTTP handling	dev		duplicate	cookie, IE, csrf		Design decision needed	1	0	1	0	0	0