id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
9356	CSRFMiddleware should take session key from request.session	Bob Thomas	nobody	Since CSRFMiddleware depends on SessionMiddleware, it should use request.session to get the session key. That way, SessionMiddleware can ensure that there is a valid session ID present before the CSRF hash is generated.		closed	Contrib apps	1.0		invalid		jacob.kaplanmoss@…	Accepted	1	0	1	1	0	0