2👍
✅
Turns out there is no issue. Django handles it all very well – it was the beta version which did not work / had this feature disabled. The token persisted through user sessions, but this was just due to having a beta version running the project. With a release version, all is well and protected.
Source:stackexchange.com