Why does Django add 1 second to the lifetime of a cookie?

Using Django Forms & APIs
1

I’m trying to implement JWT authentication using django-graphql-jwt on the backend, and nuxt3 for the frontend. My token and refresh_token are stored in cookies, and I wrapped the GraphQLView in a jwt_cookie decorator that automatically checks for the existence of the jwt token in the cookie, as well as its validity.
In general, everything works great. When I send an authorization request, the backend returns me the “Set-Cookie” headers for JWT and JWT_REFRESH_TOKEN with an expiration date that automatically deletes them as soon as they become invalid, which saves me a lot of code/logic on the frontend.
However, there is one very unpleasant thing - Django adds 1 second to the cookie lifetime for some reason in the set_cookie function, and it ruins everything. Here is the Django code:

def set_cookie(
        self,
        key,
        value="",
        max_age=None,
        expires=None,
        path="/",
        domain=None,
        secure=False,
        httponly=False,
        samesite=None,
    ):
        self.cookies[key] = value
        if expires is not None:
            if isinstance(expires, datetime.datetime):
                if timezone.is_naive(expires):
                    expires = timezone.make_aware(expires, datetime.timezone.utc)
                delta = expires - datetime.datetime.now(tz=datetime.timezone.utc)
                # Add one second so the date matches exactly (a fraction of
                # time gets lost between converting to a timedelta and
                # then the date string).
                
                # Here's what I mean ↓↓↓
                delta += datetime.timedelta(seconds=1)


                # Just set max_age - the max_age logic will set expires.
                expires = None
                if max_age is not None:
                    raise ValueError("'expires' and 'max_age' can't be used together.")
                max_age = max(0, delta.days * 86400 + delta.seconds)
            else:
                self.cookies[key]["expires"] = expires
        else:
        ...

I see the comment from Django, but I still don’t understand what it means.
This may not be a critical issue, but I just can’t understand why they did it. The result of this behavior is that within 1 second after the token has expired, it is still in the user’s cookies, and that doesn’t seem right to me.

I can fix this problem by subtracting 1 second when creating cookies, but I would like to avoid unpredictable errors that may arise due to this innovation.
I would appreciate your answers and explanations :slight_smile: