>
> [1] Django's CSRF implementation usually sets off all kinds of false
> alarms in most pen-testers' tools, since it doesn't work exactly the
> same way other implementations do, and isn't tied to the session
> cookie.
>
> On Tue, Aug 21, 2012 at 3:53 PM, Gruffudd Williams
>
The results of a recent penetration test brought up the issue of the use of
persistent cookies, specifically the CSRF cookie which has an expiry date one
year in the future.
The rationale given was that since the cookie is stored on the hard drive then
it is theoretically possible to get hold