Security tweaks

Summary of changes proposed in this Pull Request:

• Makes the CSRF session check respect the newish CSRF_USE_SESSIONS setting in Django
• Locks down the clearsessions view to tasks or admins only

PR checklist:

• Updated relevant documentation
• Updated CHANGELOG.md
• Added tests for my change