That would make tokens valid across different applications that share a session. A compromise of one application would then jeopardize all your applications.
A compromise of any session ID is more serious than losing the CSRF token anyway. Once I have your session ID I am you from the POV of the server, so who cares about the CSRF token?
Also, you may well have different session IDs across different applications anyway - pretty good idea, if you want to be able to selectively deauthorise logins.
Just reduces the risk surface a bit.