id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
28155	Security system checks do not ignore MIDDLEWARE_CLASSES when MIDDLEWARE is defined	Pritam Baral	nobody	"`1_10.W001` says ""Since you've set MIDDLEWARE, the value of MIDDLEWARE_CLASSES is ignored""

But security system checks for session and csrf middleware check for `MIDDLEWARE_CLASSES` first and only if that fails do they check for `MIDDLEWARE`, contrary to what the compatibility system checks say.

The issue is compounded by the fact that `global_settings.py` defines `MIDDLEWARE_CLASSES` to contain two middlewares (one of which is csrf). So to disable csrf, one not only has to define `MIDDLEWARE` without including the csrf middleware in it, one also has to override and set `MIDDLEWARE_CLASSES = []`. At which point, the compatibility system check `1_10.W001` fires up."	Bug	closed	Core (System checks)	1.10	Normal	wontfix			Accepted	0	0	0	0	1	0