Given:
- Alice - a user
- Bob - someone who runs a site
- Mallory - an attacker

The point of CSRF protection is to prevent Mallory from tricking Alice into submitting data provided by Mallory (using Alice's user credentials).

Since Alice and Mallory have different tokens, Mallory cannot just "copy the value above".

It isn't there to prevent Mallory submitting data using their own credentials. To solve that problem you need to decide how much trust to give to different users.
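
The check described above, as an added example that is not part of the original answer: Bob's server ties each CSRF token to the session it was issued for, so a token copied from Mallory's own page fails when it arrives with Alice's session. The HMAC-per-session scheme and all names (`SERVER_KEY`, `csrf_token`, `accept_post`, `demo`) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Bob's server-side secret (constructed for this example); never sent to clients.
SERVER_KEY = secrets.token_bytes(32)


def new_session() -> str:
    """Issue a random session identifier, as Bob's site would at login."""
    return secrets.token_urlsafe(32)


def csrf_token(session_id: str) -> str:
    """Derive the token Bob embeds in forms served to this session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def accept_post(session_id: str, submitted_token) -> bool:
    """Accept a POST only if its token was issued for the session cookie sent with it."""
    if not isinstance(submitted_token, str):
        return False  # a forged cross-site form often has no token at all
    expected = csrf_token(session_id).encode()
    # Compare as bytes in constant time; arbitrary attacker input is safe here.
    return hmac.compare_digest(expected, submitted_token.encode())


def demo() -> dict:
    alice = new_session()    # Alice's browser holds this session cookie
    mallory = new_session()  # Mallory has an account and a session too

    return {
        # Alice submits Bob's real form: her session, her token.
        "alice_own_form": accept_post(alice, csrf_token(alice)),
        # Mallory's page makes Alice's browser post a token copied from
        # Mallory's own view of the form: Alice's session, Mallory's token.
        "forged_with_mallory_token": accept_post(alice, csrf_token(mallory)),
        # Same forged request with no token field.
        "forged_without_token": accept_post(alice, None),
        # Mallory posting as Mallory passes: CSRF protection does not
        # decide what a logged-in user is trusted to do.
        "mallory_own_account": accept_post(mallory, csrf_token(mallory)),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The last case is the one the answer's final paragraph refers to: it is accepted by design, and limiting it is an authorization decision rather than a CSRF one.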