er the CSRF warning.
>
> -Paul
>
> [1] Django's CSRF implementation usually sets off all kinds of false
> alarms in most pen-testers' tools, since it doesn't work exactly the
> same way other implementations do, and isn't tied to the session
> cook
The results of a recent penetration test brought up the issue of the use of
persistent cookies, specifically the CSRF cookie, which has an expiry date one
year in the future.
The rationale given was that since the cookie is stored on the hard drive, it
is theoretically possible to get hold o