id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux
16859,Allow storing CSRF tokens in sessions,Paul McMillan,Raphael Michel,"Storing the CSRF token in a cookie (Django's default) is safe, but storing it in the session is common practice in other web frameworks and therefore sometimes demanded by security auditors.",New feature,closed,CSRF,dev,Normal,fixed,,cmawebsite@… mail@…,Accepted,0,0,0,0,0,0