﻿id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
37200	Signer.unsign() doesn't accept max_age, breaking HttpRequest.get_signed_cookie() when SIGNING_BACKEND is not a TimestampSigner	Stefan Lilov		"HttpRequest.get_signed_cookie() (via signing._unsign_cookie() on 5.2.15+, or inline on earlier 5.2.x patches) unconditionally calls .unsign(value, max_age=max_age) on whatever signer signing.get_cookie_signer() returns — and that signer's class is controlled entirely by the public, documented SIGNING_BACKEND setting. But Signer.unsign(self, signed_value) has never accepted a max_age parameter — only TimestampSigner.unsign(self, value, max_age=None) does. If a project sets SIGNING_BACKEND to ""django.core.signing.Signer"" (a plain, non-expiring signer — a legitimate use case, e.g. to avoid the timestamp prefix on cookie values), every call to request.get_signed_cookie() raises TypeError unconditionally, regardless of whether max_age is actually passed by the caller.

**Minimal reproduction:**


{{{
import django
from django.conf import settings
settings.configure(
    SECRET_KEY=""x"",
    SIGNING_BACKEND=""django.core.signing.Signer"",  # valid, documented override
    USE_TZ=True,
)
django.setup()

from django.test import RequestFactory
from django.http import HttpResponse

rf = RequestFactory()
resp = HttpResponse()
resp.set_signed_cookie(""k"", ""v"")  # signs fine -- Signer.sign() has no max_age issue

req = rf.get(""/"")
req.COOKIES[""k""] = resp.cookies[""k""].value
req.get_signed_cookie(""k"")
# TypeError: Signer.unsign() got an unexpected keyword argument 'max_age'
}}}


**Expected behavior:** request.get_signed_cookie() works with any SIGNING_BACKEND that produces a valid signer (mirroring HttpResponse.set_signed_cookie(), which works fine with a plain Signer since it only calls .sign()).

**Actual behavior:** TypeError on every call, unconditionally — this isn't gated on max_age actually being passed a non-None value; the kwarg is passed either way.
"	Bug	new	HTTP handling	5.2	Normal		signing, cookies, SIGNING_BACKEND, get_signed_cookie		Unreviewed	1	0	0	0	0	0
