3 v^ @sddlmZddlmZmZmZddZeedddZeed d dZeed d dZ d dZ ee dddZ ee dddZ ee dddZ eejddddZeejddddZddZddZdS) )settings)TagsWarningregistercCs|dS)Nzq Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.)messagerrH/usr/lib/python3.6/site-packages/django/core/checks/security/sessions.pyadd_session_cookie_messagesr znYou have 'django.contrib.sessions' in your INSTALLED_APPS, but you have not set SESSION_COOKIE_SECURE to True.z security.W010)idzYou have 'django.contrib.sessions.middleware.SessionMiddleware' in your MIDDLEWARE, but you have not set SESSION_COOKIE_SECURE to True.z security.W011z)SESSION_COOKIE_SECURE is not set to True.z security.W012cCs|dS)Nzs Using an HttpOnly session cookie makes it more difficult for cross-site scripting attacks to hijack user sessions.r)rrrr add_httponly_message$sr zpYou have 'django.contrib.sessions' in your INSTALLED_APPS, but you have not set SESSION_COOKIE_HTTPONLY to True.z security.W013zYou have 'django.contrib.sessions.middleware.SessionMiddleware' in your MIDDLEWARE, but you have not set SESSION_COOKIE_HTTPONLY to True.z security.W014z+SESSION_COOKIE_HTTPONLY is not set to True.z security.W015T)deploycKs@g}tjss: