Opened 4 years ago

Closed 4 years ago

#17931 closed Bug (fixed)

set_cookie timezone naive vs aware

Reported by: jaddison Owned by: aaugustin
Component: HTTP handling Version: master
Severity: Release blocker Keywords: timezone, cookie
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


I appear to be unable to set a cookie when using the following in my settings and code:

from django.utils import timezone

TIME_ZONE = 'America/Vancouver'

I get the following traceback:

Traceback (most recent call last):
  File "/Users/jaddison/projects/testproj/src/django/django/core/handlers/", line 111, in get_response
    response = callback(request, *callback_args, **callback_kwargs)
  File "/Users/jaddison/projects/testproj/src/django/django/views/decorators/", line 77, in wrapped_view
    return view_func(*args, **kwargs)
  File "/Users/jaddison/projects/testproj/project/apps/facebookapp/", line 61, in tab
    response.set_cookie('referral_data', "page-%s" %, + datetime.timedelta(days=settings.SIGNUP_REFERRAL_COOKIE_DURATION))
  File "/Users/jaddison/projects/testproj/src/django/django/http/", line 651, in set_cookie
    delta = expires - expires.utcnow()
TypeError: can't subtract offset-naive and offset-aware datetimes

I *think* that set_cookie needs to be checked for aware vs naive datetime handling, but I'm not sure. Am willing to provide more information upon request.

Attachments (1)

17931.diff (2.6 KB) - added by aaugustin 4 years ago.

Download all attachments as: .zip

Change History (6)

comment:1 Changed 4 years ago by aaugustin

  • Needs documentation unset
  • Needs tests unset
  • Owner changed from nobody to aaugustin
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

comment:2 Changed 4 years ago by aaugustin

  • Has patch set

set_cookie is a bit of a special case already -- its expires argument must be "a naive datetime in UTC", while everything else happens (well, used to happen) in local time in Django. If you use it, you probably have either TIME_ZONE = "UTC" or some conversion code.

Anyway, with aware datetimes being the standard when USE_TZ = True, and the general recommendation to use (as facebookapp does in the traceback above), it makes sense to accept them in set_cookie. Does the attached patch fix your problem?

Last edited 4 years ago by aaugustin (previous) (diff)

Changed 4 years ago by aaugustin

comment:3 Changed 4 years ago by aaugustin

I just checked that there are no other uses of utcnow in Django, except in code related to time zone support.

comment:4 Changed 4 years ago by jaddison

Yes, the code now works - and it makes sense that it needs to work with naive datetimes internally when setting the cookie. Nice work.

Not sure if I should resolve the bug as fixed or not... I'll leave that for others as I don't want to step on toes.

comment:5 Changed 4 years ago by aaugustin

  • Resolution set to fixed
  • Status changed from new to closed

In [17766]:

Fixed #17931 -- Accepted aware datetimes to set cookies expiry dates. Thanks jaddison for the report.

Note: See TracTickets for help on using tickets.
Back to Top