Fixed #31982 -- Made HttpResponse.set_cookie() cast max_age argument to an integer.

django/http/response.py

@@ -184,7 +184,7 @@ class HttpResponseBase:
         else:
             self.cookies[key]['expires'] = ''
         if max_age is not None:
-            self.cookies[key]['max-age'] = max_age
+            self.cookies[key]['max-age'] = int(max_age)
             # IE requires expires, so set it if hasn't been already.
             if not expires:
                 self.cookies[key]['expires'] = http_date(time.time() + max_age)

docs/ref/request-response.txt

@@ -834,8 +834,8 @@ Methods
     Sets a cookie. The parameters are the same as in the
     :class:`~http.cookies.Morsel` cookie object in the Python standard library.
 
-    * ``max_age`` should be a number of seconds, or ``None`` (default) if
-      the cookie should last only as long as the client's browser session.
+    * ``max_age`` should be an integer number of seconds, or ``None`` (default)
+      if the cookie should last only as long as the client's browser session.
       If ``expires`` is not specified, it will be calculated.
     * ``expires`` should either be a string in the format
       ``"Wdy, DD-Mon-YY HH:MM:SS GMT"`` or a ``datetime.datetime`` object

tests/responses/test_cookie.py

@@ -65,6 +65,11 @@ class SetCookieTests(SimpleTestCase):
         self.assertEqual(max_age_cookie['max-age'], 10)
         self.assertEqual(max_age_cookie['expires'], http_date(set_cookie_time + 10))
 
+    def test_max_age_int(self):
+        response = HttpResponse()
+        response.set_cookie('max_age', max_age=10.6)
+        self.assertEqual(response.cookies['max_age']['max-age'], 10)
+
     def test_httponly_cookie(self):
         response = HttpResponse()
         response.set_cookie('example', httponly=True)