Fixed #22242 -- Documented common cookie size limit.

885e7adf · Daniel Pyrathon · Tim Graham · 834d78ff · 885e7adf
Kaydet (Commit) 885e7adf authored Mar 15, 2014 tarafından Daniel Pyrathon Kaydeden (comit) Tim Graham Mar 16, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

request-response.txt docs/ref/request-response.txt +8 -0

No files found.
--- a/docs/ref/request-response.txt
+++ b/docs/ref/request-response.txt
@@ -723,6 +723,14 @@ Methods

    .. _HTTPOnly: https://www.owasp.org/index.php/HTTPOnly

+    .. warning::
+
+        Both :rfc:`2109` and :rfc:`6265` state that user agents should support
+        cookies of at least 4096 bytes. For many browsers this is also the
+        maximum size. Django will not raise an exception if there's an attempt
+        to store a cookie of more than 4096 bytes, but many browsers will not
+        set the cookie correctly.
+
 .. method:: HttpResponse.set_signed_cookie(key, value, salt='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=True)

    Like :meth:`~HttpResponse.set_cookie()`, but