Check if token is valid on every request

I have a Django back end and a Vue front end. Users are able to log in on the front end. After validating a user, the back end sends the token and user id associated with the email used for log in, to the front end. I I go to another page then the front end sends the token to the back end to verify a user is logged in am I correct?

Django does not check the token on every request if it belongs to the user that logged in. So I can use another user’s id and the same token and then I can get the data for the other user.

How can I make Django verify a token belongs to a user making a request?

The User object is associated with the token. It’s the contents of the token that define what’s going to be returned by request.user. See the docs at Authentication - Django REST framework. Your back end should not at that point be accepting any other data as being the user making the request.