Web app framework Django contains a vulnerability that puts session cookies at risk, but the group in charge has decided not to patch the flaw, and instead warn developers about the problem. A ...