When calling rqlio(), it doesn't try to grab the CSRF token (as it is
not required). However, the request sent afterwards will store that
token in Requests session. On future requests, the token will be sent
as a cookie, since the Requests session contains it in its cookie
jar. This means that when the function for grabbing the token will be
triggered, the response of the request made to base_url will not
contain the token.

This patch replaces the usage of an independantly stored token to use
the Requests session's cookie jar.