Django: Signed Cookie Crash Fix

A single pull request fixes a crash in Django's signed cookie handling when a project uses the base Signer class instead of the default timed signer, restoring support for a documented but broken configuration.

Duration: PT2M3S

Episode overview

This episode is a short developer briefing from Django.

It explains recent repository work in plain language.

  • Show: Django
  • Published: 2026-07-04T13:03:12Z

Transcript excerpt

Good day, and welcome to Django, your daily developer briefing for July 4th, 2026.

Today's activity centers on one fix, but it's a meaningful one: an abstraction leak in how Django reads signed cookies.

Pull request 21576, from ZhengKangYang, addresses ticket 37200. The issue was in get signed cookie, the method requests use to read cookies that were cryptographically signed. Internally, that method always passed a max age argument through to the configured signer's unsign method. That works fine with Django's…

The fix makes the max age argument conditional, so it's only passed when the configured signer actually supports it. That's a small change, but it matters because it closes a gap between what Django's documentation promises and what the code actually allowed. If your project, or any project you support, uses a…

The change also comes with test coverage, which is worth noting. It signals the fix isn't just patching the symptom, it's locking in the expected behavior for both signer types going forward, so a future refactor doesn't reintroduce the same mismatch.

What's next: if you maintain code relying on the base Signer class for cookie signing, expect this fix to land in an…
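The mismatch the transcript describes, as an added example that is not from the episode or from Django's code base. `PlainSigner`, `TimedSigner`, `read_always` and `read_conditional` are hypothetical stand-ins, and the signature inspection is an assumed way to decide whether a signer supports `max_age`; the episode does not say how the pull request does it.

```python
import hashlib, hmac, inspect, time

# Stand-in classes for illustration; not Django's implementation.
class PlainSigner:
    def __init__(self, key: bytes):
        self.key = key

    def _mac(self, value: str) -> str:
        return hmac.new(self.key, value.encode(), hashlib.sha256).hexdigest()

    def sign(self, value: str) -> str:
        return f"{value}:{self._mac(value)}"

    def unsign(self, signed: str) -> str:  # note: no max_age parameter
        value, _, mac = signed.rpartition(":")
        if not hmac.compare_digest(mac, self._mac(value)):
            raise ValueError("bad signature")
        return value

class TimedSigner(PlainSigner):
    def sign(self, value: str) -> str:
        return super().sign(f"{value}:{int(time.time())}")

    def unsign(self, signed: str, max_age=None) -> str:
        value, _, ts = super().unsign(signed).rpartition(":")
        if max_age is not None and time.time() - int(ts) > max_age:
            raise ValueError("signature expired")
        return value

def read_always(signer, cookie, max_age=None):
    # Behaviour the episode describes before the fix: max_age always forwarded.
    return signer.unsign(cookie, max_age=max_age)

def read_conditional(signer, cookie, max_age=None):
    # Assumed check: forward max_age only if unsign() declares it.
    if "max_age" in inspect.signature(signer.unsign).parameters:
        return signer.unsign(cookie, max_age=max_age)
    # No timestamp in a plain signature, so expiry cannot be enforced here.
    return signer.unsign(cookie)

if __name__ == "__main__":
    plain, timed = PlainSigner(b"constructed-key"), TimedSigner(b"constructed-key")
    try:
        read_always(plain, plain.sign("alice"), max_age=60)
    except TypeError as exc:
        print("pre-fix call crashes:", exc)
    print(read_conditional(plain, plain.sign("alice"), max_age=60))
    print(read_conditional(timed, timed.sign("bob"), max_age=60))
```

In this sketch a cookie read through the plain signer is still integrity-checked, but a requested `max_age` has no effect, so code that depends on cookie expiry needs the timed signer.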
