o ʎ_ @sddlmZddlmZmZmZddZeedddZeed d dZeed d dZ d dZ ee dddZ ee dddZ ee dddZ eejddddZeejddddZddZddZdS) )settings)TagsWarningregistercC|dS)Nzq Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.messagerrF/usr/lib/python3/dist-packages/django/core/checks/security/sessions.pyadd_session_cookie_messager znYou have 'django.contrib.sessions' in your INSTALLED_APPS, but you have not set SESSION_COOKIE_SECURE to True.z security.W010)idzYou have 'django.contrib.sessions.middleware.SessionMiddleware' in your MIDDLEWARE, but you have not set SESSION_COOKIE_SECURE to True.z security.W011z)SESSION_COOKIE_SECURE is not set to True.z security.W012cCr)Nzs Using an HttpOnly session cookie makes it more difficult for cross-site scripting attacks to hijack user sessions.rr rrr add_httponly_message$r rzpYou have 'django.contrib.sessions' in your INSTALLED_APPS, but you have not set SESSION_COOKIE_HTTPONLY to True.z security.W013zYou have 'django.contrib.sessions.middleware.SessionMiddleware' in your MIDDLEWARE, but you have not set SESSION_COOKIE_HTTPONLY to True.z security.W014z+SESSION_COOKIE_HTTPONLY is not set to True.z security.W015T)deploycK@g}tjstr |ttr|tt|dkrtg}|SN) rSESSION_COOKIE_SECURE _session_appappendW010_session_middlewareW011lenW012 app_configskwargserrorsrrr check_session_cookie_secureB   r cKrr) rSESSION_COOKIE_HTTPONLYrrW013rW014rW015rrrr check_session_cookie_httponlyOr!r&cC dtjvS)Nz4django.contrib.sessions.middleware.SessionMiddleware)r MIDDLEWARErrrr r\ rcCr')Nzdjango.contrib.sessions)rINSTALLED_APPSrrrr r`r)rN) django.confrrrrr rrrrr#r$r%securityr r&rrrrrr sT