id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
32757	CSRF cookies are not issued once expired if the session cookie is still valid	Luke Sapan	nobody	"Currently, if someone sets `SESSION_COOKIE_AGE` beyond a year without also extending `CSRF_COOKIE_AGE`, their users are going to start running into CSRF errors. There may be a reason for it, but Django won't issue a new CSRF token once it expires if the user still has a valid session cookie.

I'm not sure if there's a security reason for this (I can't think of one), but even if there is, it would make sense to add a warning during startup if `SESSION_COOKIE_AGE > CSRF_COOKIE_AGE`."	Bug	closed	CSRF	3.2	Normal	invalid	csrf, cookie age		Unreviewed	0	0	0	0	0	0