I have a little question.
I'm making website with react, redux and django rest framework. And I'm going to implement authentication using django-rest-auth.
When user login, django-rest-auth return token and session id with headers. I just want to use session id only.
I tried with Postman it works or not. Firstly, login in rest-auth/login with username and password. I got token, I can see sessionid and csrftoken inside cookies tabs. Then when I tried to logout with headers includes X-CSRFToken: csrftoken value, I could logout successfully. Also I saw "django_session" and "authtoken_token" values are gone in mysql.
Is this workflow ok to authenticate? I mean not using given token.