As stated by Ken, you can use session authentication for both the Django and DRF parts.
But, as your Vue frontend is hosted on a different domain than the backend, you have to correctly configure CORS so that the session cookie is sent to your backend (at somewebsite.com) when a request is fired from a script in app.somewebsite.com.
At a minimum, you will need to set the following settings:
CORS_ALLOWED_ORIGINS = ["https://app.somewebsite.com"]
CORS_ALLOW_CREDENTIALS = True
SESSION_COOKIE_SAMESITE = "None"
SESSION_COOKIE_SECURE = True
You also need to ensure that requests made in the Vue app have withCredentials set to true (e.g. see vue.js - SET WithCredentials globally with axios on VueJS - Stack Overflow).
Pay attention to your CORS configuration: allowing unwanted hosts (e.g. by setting CORS_ALLOW_ALL_ORIGINS to True) would expose your site to security issues.
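
A small audit of the settings listed in this answer, as an added example that is not part of the original post or of django-cors-headers. The function name, finding codes and the weakened sample are assumptions made for illustration; the defaults are the ones Django and django-cors-headers document.

```python
from urllib.parse import urlsplit

# Documented defaults, used when a setting is absent from the input.
DEFAULTS = {
    "CORS_ALLOWED_ORIGINS": [],
    "CORS_ALLOW_ALL_ORIGINS": False,
    "CORS_ALLOW_CREDENTIALS": False,
    "SESSION_COOKIE_SAMESITE": "Lax",
    "SESSION_COOKIE_SECURE": False,
}

def audit_cross_origin_session(settings):
    """Return (code, detail) findings; an empty list means every check passed."""
    cfg = {**DEFAULTS, **settings}
    findings = []
    if cfg["CORS_ALLOW_ALL_ORIGINS"]:
        detail = "every origin is allowed"
        if cfg["CORS_ALLOW_CREDENTIALS"]:
            detail += " and may send requests that carry the session cookie"
        findings.append(("allow-all-origins", detail))
    if not cfg["CORS_ALLOW_CREDENTIALS"]:
        findings.append(("credentials-not-allowed",
                         "browser hides responses to withCredentials requests"))
    for origin in cfg["CORS_ALLOWED_ORIGINS"]:
        parts = urlsplit(origin)
        if parts.scheme != "https":
            findings.append(("origin-not-https", origin))
        # An origin is scheme://host[:port] only: no path, query or fragment.
        if not parts.netloc or parts.path or parts.query or parts.fragment:
            findings.append(("origin-malformed", origin))
    if cfg["SESSION_COOKIE_SAMESITE"] == "None" and not cfg["SESSION_COOKIE_SECURE"]:
        findings.append(("samesite-none-insecure",
                         "browsers reject SameSite=None cookies without Secure"))
    return findings

# Constructed inputs: the settings from the answer, then a weakened variant.
ANSWER_SETTINGS = {
    "CORS_ALLOWED_ORIGINS": ["https://app.somewebsite.com"],
    "CORS_ALLOW_CREDENTIALS": True,
    "SESSION_COOKIE_SAMESITE": "None",
    "SESSION_COOKIE_SECURE": True,
}
WEAK_SETTINGS = {**ANSWER_SETTINGS, "CORS_ALLOW_ALL_ORIGINS": True,
                 "CORS_ALLOWED_ORIGINS": ["http://app.somewebsite.com/"],
                 "SESSION_COOKIE_SECURE": False}

if __name__ == "__main__":
    for name, sample in (("answer", ANSWER_SETTINGS), ("weak", WEAK_SETTINGS)):
        print(name, audit_cross_origin_session(sample))
```

To run the same checks against a real project, pass a dict built from the five setting names read off `django.conf.settings`.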