The original session data.
The new CSRF token to set.
A new SessionData object with the updated token and the current timestamp.
The timestamp is reset to Date.now() to reflect the update time.
All other fields (cookies, loggedIn flag) are copied from the original session.
The original session object is not mutated.
Creates a new
SessionDataobject with an updated CSRF token.