I have a Django back end and a Vue front end. Users are able to log in on the front end. After validating a user, the back end sends the token and user id associated with the email used for log in, to the front end. I I go to another page then the front end sends the token to the back end to verify a user is logged in am I correct?
Django does not check the token on every request if it belongs to the user that logged in. So I can use another user’s id and the same token and then I can get the data for the other user.
How can I make Django verify a token belongs to a user making a request?