Django Session Based Authentication Doesnt Allow Multiple Logins

Im using django as my backend and nextjs as frontend for development. running nextjs on localhost:3000 and even tried 10.0.0.18:3000 and running django on 0.0.0.0:8000 also tried 127.0.0.1:8000. when making a request to django loginview which does basic username password check authenticatoin and returns http 200. when i first login django sets sessionid cookie and csrftoken. which is great but if i try to login again without deleting sessionid it returns forbidden. when i remove sessionid it works and returns a sessionid. also when i keep sessionid in cookies and remove the session from djang_session table in the database it works.

also when running nextjs on localhost and sending request to backend via 10.0.0.18 it works even with multiple logins but the problem is cookies dont presist across reloads i assume due to difference in domain.