In Django, how can I make session work if the view function has a csrf_exempt decoration?

I'm using Django as restful APIs and found that session doesn't work if a view has a csrf_exempt decoration.

Here is some code:

@csrf_exempt
def scorer_login(request):
    request.session['username'] = request.POST['username']

I found that request.session doesn't change at all when I print request.session.get('username') in other views.

However, if there isn't csrf_exempt, it works:

def scorer_login(request):
    request.session['username'] = 'test_username'

How can I fix it?