Regarding Django session handling: cookie and session ID


Samarjeet Singh

Apr 27, 2016, 6:22:42 AM
to Django users
While doing CSDL compliance I need to know whether the Django framework gives the following features and, if it does, which APIs provide them.

1. When cookies are used to carry authentication tokens or session IDs within a web application, and multiple such cookies are present, does Django verify all such cookies before granting access to the user session?

2. In Django, are all conflicting cookies treated as invalid?

3. If validation of any such cookie fails, is it treated as if it didn't exist, and does this get logged and added to the audit log?

4. After validation of all such cookies, does Django give permissions evaluated based on the cookies for which validation succeeded?

5. Cleartext Storage of Sensitive Information in a Cookie: does it store the data in the cookie in plain form or in another form, and can that form be easily decoded?

6. Information Exposure Through Persistent Cookies: does it keep the cookie in the DB always, or are unused or old cookies deleted?

7. Reliance on Cookies without Validation and Integrity Checking: redundant (does it rely on cookies without a validation check?)

8. Sensitive Cookie in HTTPS Session Without 'Secure' Attribute: do cookies that are sent in an HTTPS session with the Secure attribute not set go in plain format?

9. Session ID is fully validated before it may be used: is validation of the session ID done in the case of Django?

10. When using a session ID to keep authentication state and track user progress within a web application, does the Django application treat the session ID as untrusted data, and sanitize and validate it before use?
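The checks asked about in points 1 to 4, 7, 9 and 10 (verify every presented session cookie, treat conflicting cookies as invalid, log a failed validation and treat that cookie as absent, and validate the session ID's format before use) can be written down as a small reference model. The block below is an added illustration using only the Python standard library; it is not Django's code (Django signs its cookie sessions through `django.core.signing`), and the secret, ID format rule and cookie layout `id:signature` are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import logging
from typing import Iterable, Optional

# Constructed secret for the example; a real deployment loads it from configuration.
SECRET_KEY = b"example-secret-key-not-for-production"
SESSION_ID_MIN_LEN = 8  # assumed minimum length for a well-formed session id
log = logging.getLogger("session_audit")


def sign_session_id(session_id: str) -> str:
    """Build a cookie value 'session_id:signature' using HMAC-SHA256 (URL-safe base64)."""
    mac = hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).digest()
    return f"{session_id}:{base64.urlsafe_b64encode(mac).decode().rstrip('=')}"


def verify_cookie(value: str) -> Optional[str]:
    """Return the session id if the cookie is well formed and its MAC verifies, else None.

    Every failure is logged for the audit trail and the cookie is treated as if it
    did not exist (the caller never sees a partially trusted id).
    """
    session_id, sep, _sig = value.partition(":")
    if not sep or len(session_id) < SESSION_ID_MIN_LEN or not session_id.isalnum():
        log.warning("session cookie rejected: malformed session id")
        return None
    # Recompute the expected cookie and compare in constant time.
    if not hmac.compare_digest(sign_session_id(session_id), value):
        log.warning("session cookie rejected: signature mismatch")
        return None
    return session_id


def resolve_session(cookie_values: Iterable[str]) -> Optional[str]:
    """Validate all presented session cookies; conflicting valid ids are rejected.

    Access is granted only when exactly one distinct session id survives validation.
    """
    valid = {sid for sid in (verify_cookie(v) for v in cookie_values) if sid}
    if len(valid) > 1:
        log.warning("conflicting session cookies rejected: %d distinct ids", len(valid))
        return None
    return valid.pop() if valid else None
```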