Currently session check endpoint returns the same CSRF token as is used by the user in the headers.

This means that it is unusable when user wants to simply acquire CSRF token for future requests, and it requires a full new login to acquire new CSRF token, if the previous one has timed out and/or become invalid - as we do not have any other endpoints that would allow us to get a new one.