I want to implement a secure method for user authentication. I’m using the Django Rest Framework for my API, and I prefer not to use local storage for storing tokens if I choose to use them.
I am interested in using JWT tokens, as they are powerful (though not essential), and I’ve also heard about HTTP-only cookies.
2 Answers
I highly recommend using Django sessions to secure your application.
When you log in, Django automatically inserts the session id and the CSRF token into the cookies. The session id is used by Django for authentication, and the CSRF token allows you to prevent CSRF attacks.
I also recommend using the django-cors-headers library to authorize requests to your backend only from certain domains, and using Django models / making queries with placeholders to avoid SQL injection vulnerabilities.
Some time ago I was in the same situation as you, and after a long search I decided to use this integrated Django system for several reasons:
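The setup this answer describes, as an added example (not the answerer's code): a Django settings fragment wiring Django REST Framework to session authentication, the CSRF cookie and django-cors-headers, followed by a small audit helper that flags the settings a reviewer would check before deploying. The setting names are real Django, DRF and django-cors-headers settings; the origin `https://app.example.com` and the weakened copy used to exercise the audit are constructed placeholders.

```python
"""Added example: session + CSRF cookies + CORS allow-list for a DRF API,
with an audit function that reports insecure values. Not from the answer."""
import copy

# Django's own defaults, used when a key is absent from the settings dict.
_DEFAULTS = {
    "SESSION_COOKIE_HTTPONLY": True,
    "SESSION_COOKIE_SECURE": False,
    "SESSION_COOKIE_SAMESITE": "Lax",
    "CSRF_COOKIE_SECURE": False,
    "CORS_ALLOW_ALL_ORIGINS": False,
    "CORS_ALLOW_CREDENTIALS": False,
}

# Constructed settings for a session-authenticated DRF API.
SETTINGS = {
    "INSTALLED_APPS": [
        "django.contrib.auth",
        "django.contrib.contenttypes",
        "django.contrib.sessions",
        "corsheaders",
        "rest_framework",
    ],
    # CorsMiddleware must run before CommonMiddleware so preflight requests
    # are answered; CsrfViewMiddleware checks the token on state-changing views.
    "MIDDLEWARE": [
        "corsheaders.middleware.CorsMiddleware",
        "django.middleware.security.SecurityMiddleware",
        "django.contrib.sessions.middleware.SessionMiddleware",
        "django.middleware.common.CommonMiddleware",
        "django.middleware.csrf.CsrfViewMiddleware",
        "django.contrib.auth.middleware.AuthenticationMiddleware",
    ],
    "REST_FRAMEWORK": {
        "DEFAULT_AUTHENTICATION_CLASSES": [
            "rest_framework.authentication.SessionAuthentication",
        ],
        "DEFAULT_PERMISSION_CLASSES": [
            "rest_framework.permissions.IsAuthenticated",
        ],
    },
    # Session id cookie: unreadable from JavaScript, HTTPS only, not sent cross-site.
    "SESSION_COOKIE_HTTPONLY": True,
    "SESSION_COOKIE_SECURE": True,
    "SESSION_COOKIE_SAMESITE": "Lax",
    # CSRF cookie: HTTPS only; deliberately readable from JavaScript so the
    # React app can copy it into the X-CSRFToken header of non-GET requests.
    "CSRF_COOKIE_SECURE": True,
    "CSRF_COOKIE_HTTPONLY": False,
    "CSRF_TRUSTED_ORIGINS": ["https://app.example.com"],  # placeholder origin
    # Only the front-end origin may call the API with cookies attached.
    "CORS_ALLOWED_ORIGINS": ["https://app.example.com"],  # placeholder origin
    "CORS_ALLOW_CREDENTIALS": True,
    "CORS_ALLOW_ALL_ORIGINS": False,
}


def audit_settings(settings):
    """Return a list of findings; an empty list means every check passed."""
    def get(key):
        return settings.get(key, _DEFAULTS.get(key))

    findings = []
    if not get("SESSION_COOKIE_HTTPONLY"):
        findings.append("SESSION_COOKIE_HTTPONLY is off: session id readable by scripts")
    if not get("SESSION_COOKIE_SECURE"):
        findings.append("SESSION_COOKIE_SECURE is off: session id sent over plain HTTP")
    if get("SESSION_COOKIE_SAMESITE") in (None, "None"):
        findings.append("SESSION_COOKIE_SAMESITE disabled: cookie sent on cross-site requests")
    if not get("CSRF_COOKIE_SECURE"):
        findings.append("CSRF_COOKIE_SECURE is off: CSRF cookie sent over plain HTTP")
    if get("CORS_ALLOW_ALL_ORIGINS"):
        findings.append("CORS_ALLOW_ALL_ORIGINS is on: any site may call the API")
    elif get("CORS_ALLOW_CREDENTIALS") and not settings.get("CORS_ALLOWED_ORIGINS"):
        findings.append("CORS_ALLOW_CREDENTIALS without an explicit CORS_ALLOWED_ORIGINS list")
    mw = settings.get("MIDDLEWARE", [])
    if "django.middleware.csrf.CsrfViewMiddleware" not in mw:
        findings.append("CsrfViewMiddleware missing: CSRF token is never checked")
    cors = "corsheaders.middleware.CorsMiddleware"
    common = "django.middleware.common.CommonMiddleware"
    if cors in mw and common in mw and mw.index(cors) > mw.index(common):
        findings.append("CorsMiddleware is placed after CommonMiddleware")
    auth = settings.get("REST_FRAMEWORK", {}).get("DEFAULT_AUTHENTICATION_CLASSES", [])
    if "rest_framework.authentication.SessionAuthentication" not in auth:
        findings.append("DRF is not using SessionAuthentication")
    return findings


def weakened_settings():
    """Constructed copy of SETTINGS with three mistakes the audit should catch."""
    weak = copy.deepcopy(SETTINGS)
    weak["SESSION_COOKIE_HTTPONLY"] = False
    weak["CORS_ALLOW_ALL_ORIGINS"] = True
    weak["MIDDLEWARE"].remove("django.middleware.csrf.CsrfViewMiddleware")
    return weak


if __name__ == "__main__":
    print("hardened:", audit_settings(SETTINGS) or "no findings")
    for finding in audit_settings(weakened_settings()):
        print("weak:", finding)
```

Two points worth keeping in mind with this layout: DRF's `SessionAuthentication` performs its own CSRF check on requests that arrive with a valid session, so the React client has to send the token from the `csrftoken` cookie in an `X-CSRFToken` header on every POST/PUT/DELETE, which is why `CSRF_COOKIE_HTTPONLY` stays `False` here; and because the session id itself is `HttpOnly`, nothing in the browser's JavaScript (and therefore nothing in local storage) ever holds the credential, which is the property the question asked for.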
Create Middleware Auth method: Token post on every change of route in React.
Example method: