id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
16859	Allow storing CSRF tokens in sessions	Paul McMillan	Raphael Michel	Storing the CSRF token in a cookie (Django's default) is safe, but storing it in the session is common practice in other web frameworks and therefore sometimes demanded by security auditors.	New feature	closed	CSRF	dev	Normal	fixed		cmawebsite@… mail@…	Accepted	0	0	0	0	0	0
