After login you should send two tokens to the browser, a short-lived session token (say, one hour) and a long-lived remember-me token (say, 30 days). The session token's TTL is reset to one hour every time the browser shows activity, but its value does not change.
If and only if the session cookie has expired (or is otherwise invalid), the remember-me cookie is traded for a new, authenticated, session. This does not happen when reloading the page, only after the browser has been inactive for more than an hour.
Prolonging the session happens purely on the server side. Only when trading the remember-me token is it critical that the browser receives and stores the new session token.
You should not delete the remember-me token from the database immediately after first use. If I start my browser it restores previously open tabs, which may include multiple for your site. Consequently, your server will receive multiple requests (or websocket connections) almost simultaneously and those requests race for the new session-token.
At my workplace we allow remember-me tokens to be used for up to two minutes after first use, and at most N times, whichever happens first. That fixes races and allows for retries in case of connectivity issues.