After a little bit of searching I found that this is done by the login view (line 55) in the set_test_cookie()
method.
In the latest version of Django (git main) it has been removed however: https://github.com/django/django/commit/9d2c0a0ae6ce931699daa87735d5b8b2afaa20f9#django/contrib/auth/views.py
For the time being I would simply recommend you to use a modified version of the login page which doesn't use the set_test_cookie()
method.