diff --git a/django/http/response.py b/django/http/response.py index 59120c8e0d..801a0c0640 100644 --- a/django/http/response.py +++ b/django/http/response.py @@ -244,6 +244,8 @@ class HttpResponseBase: delta = delta + datetime.timedelta(seconds=1) # Just set max_age - the max_age logic will set expires. expires = None + if max_age is not None: + raise ValueError("'expires' and 'max_age' can't be used together.") max_age = max(0, delta.days * 86400 + delta.seconds) else: self.cookies[key]["expires"] = expires diff --git a/tests/responses/test_cookie.py b/tests/responses/test_cookie.py index 3a57dcfe45..b6610cbaab 100644 --- a/tests/responses/test_cookie.py +++ b/tests/responses/test_cookie.py @@ -76,6 +76,14 @@ class SetCookieTests(SimpleTestCase): response.set_cookie("max_age", max_age=timedelta(hours=1)) self.assertEqual(response.cookies["max_age"]["max-age"], 3600) + def test_max_age_with_expires(self): + response = HttpResponse() + msg = "'expires' and 'max_age' can't be used together." + with self.assertRaisesMessage(ValueError, msg): + response.set_cookie( + "max_age", expires=datetime(2000, 1, 1), max_age=timedelta(hours=1) + ) + def test_httponly_cookie(self): response = HttpResponse() response.set_cookie("example", httponly=True)