Absolutely. If you want to try and debug this, boot up a quickstart which should take less than 5 minutes and see if you can log in and refresh the page. This will signal that the app is using silent auth to get a new token after refresh.
The short random string is an opaque access token designated for the /userinfo endpoint.
Even if you clear the cookies/logout you shouldn’t have to do it again.