Opened 7 years ago

Closed 7 years ago

#17931 closed Bug (fixed)

set_cookie timezone naive vs aware

Reported by: James Addison Owned by: Aymeric Augustin
Component: HTTP handling Version: master
Severity: Release blocker Keywords: timezone, cookie
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


I appear to be unable to set a cookie when using the following in my settings and code:

from django.utils import timezone

TIME_ZONE = 'America/Vancouver'

I get the following traceback:

Traceback (most recent call last):
  File "/Users/jaddison/projects/testproj/src/django/django/core/handlers/", line 111, in get_response
    response = callback(request, *callback_args, **callback_kwargs)
  File "/Users/jaddison/projects/testproj/src/django/django/views/decorators/", line 77, in wrapped_view
    return view_func(*args, **kwargs)
  File "/Users/jaddison/projects/testproj/project/apps/facebookapp/", line 61, in tab
    response.set_cookie('referral_data', "page-%s" %, + datetime.timedelta(days=settings.SIGNUP_REFERRAL_COOKIE_DURATION))
  File "/Users/jaddison/projects/testproj/src/django/django/http/", line 651, in set_cookie
    delta = expires - expires.utcnow()
TypeError: can't subtract offset-naive and offset-aware datetimes

I *think* that set_cookie needs to be checked for aware vs naive datetime handling, but I'm not sure. Am willing to provide more information upon request.

Attachments (1)

17931.diff (2.6 KB) - added by Aymeric Augustin 7 years ago.

Download all attachments as: .zip

Change History (6)

comment:1 Changed 7 years ago by Aymeric Augustin

Owner: changed from nobody to Aymeric Augustin
Triage Stage: UnreviewedAccepted

comment:2 Changed 7 years ago by Aymeric Augustin

Has patch: set

set_cookie is a bit of a special case already -- its expires argument must be "a naive datetime in UTC", while everything else happens (well, used to happen) in local time in Django. If you use it, you probably have either TIME_ZONE = "UTC" or some conversion code.

Anyway, with aware datetimes being the standard when USE_TZ = True, and the general recommendation to use (as facebookapp does in the traceback above), it makes sense to accept them in set_cookie. Does the attached patch fix your problem?

Last edited 7 years ago by Aymeric Augustin (previous) (diff)

Changed 7 years ago by Aymeric Augustin

Attachment: 17931.diff added

comment:3 Changed 7 years ago by Aymeric Augustin

I just checked that there are no other uses of utcnow in Django, except in code related to time zone support.

comment:4 Changed 7 years ago by James Addison

Yes, the code now works - and it makes sense that it needs to work with naive datetimes internally when setting the cookie. Nice work.

Not sure if I should resolve the bug as fixed or not... I'll leave that for others as I don't want to step on toes.

comment:5 Changed 7 years ago by Aymeric Augustin

Resolution: fixed
Status: newclosed

In [17766]:

Fixed #17931 -- Accepted aware datetimes to set cookies expiry dates. Thanks jaddison for the report.

Note: See TracTickets for help on using tickets.
Back to Top