Hi Leon,
What you mean by CSRF function goes off, does it mean when you do refresh DSP page and you don’t see CSRF token ? What is the Integration Server version you are using?
Generally, after enabling the CSRF guard in IS (Security > CSRF Guard ), you should refresh the home page and then all the access to any page will have CSRF token. And even after logout and login , CSRF is enabled.