From 9f7bd831846a921e233c1f95d725235db9550438 Mon Sep 17 00:00:00 2001 From: Daniel Pyrathon Date: Sat, 15 Mar 2014 19:18:05 +0000 Subject: [PATCH] [1.6.x] Fixed #22242 -- Documented common cookie size limit. Backport of 885e7adf56 from master --- docs/ref/request-response.txt | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/ref/request-response.txt b/docs/ref/request-response.txt index ebe4119b35..0c9d0e99a8 100644 --- a/docs/ref/request-response.txt +++ b/docs/ref/request-response.txt @@ -735,6 +735,14 @@ Methods .. _HTTPOnly: https://www.owasp.org/index.php/HTTPOnly + .. warning:: + + Both :rfc:`2109` and :rfc:`6265` state that user agents should support + cookies of at least 4096 bytes. For many browsers this is also the + maximum size. Django will not raise an exception if there's an attempt + to store a cookie of more than 4096 bytes, but many browsers will not + set the cookie correctly. + .. method:: HttpResponse.set_signed_cookie(key, value, salt='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=True) Like :meth:`~HttpResponse.set_cookie()`, but
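Review bot: the first sentence of the added warning gives "4096 bytes" without saying what is measured. Both cited RFCs count the whole cookie (name, value and attributes together), so a reader who sizes only the value passed to set_cookie() can still exceed the limit. Suggest wording along the lines of "cookies of at least 4096 bytes, counting the name, value and attributes". The warning also sits only under set_cookie(), while set_signed_cookie() in the trailing context stores a longer value because a signature is appended; a short cross-reference from that entry would put the limit in front of the callers most likely to hit it. Lastly, "will not set the cookie correctly" is vague: since the text already says Django raises no exception, it would help to state that the failure is silent on the server side and that callers storing large values need to check the size themselves.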