CSRF cookie should be configurable
|Reported by:||rogerhu||Owned by:||nobody|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Internet Explorer has the ability to block/disable persistent cookies (http://support.microsoft.com/kb/196955), and corruption of the index.dat cache
(i.e. disk errors that need to be repaired via CHKDSK) can cause Django sites to authenticate correctly but fail to do FORM POST's. To
avoid this behavior, provide the option to configure the CSRF cookie age so that cookies can be configured to be persistent or session-based.
Changes (including test and documentation) are included here: