open-ecommerce-api / store-engine

An ecommerce backend-API created using Django and DRF (Django Rest Framework).
GNU General Public License v3.0

User session logout #96

Closed aminm08 closed 1 year ago

aminm08 commented 1 year ago

We are using both TokenAuthentication and Session Authentication methods to authenticate users. This allows both browser-based clients and non-browser clients (which typically use token authentication) to access the API.

But in the logging-out process at the Logout endpoint, we are only deleting the user's token, which is only for logging token authentication out. We also need to log out the client's sessions if the client is using session auth.

This can be done with Django's built-in function `logout`, which can be imported from `django.contrib.auth`.

zamaniamin commented 1 year ago

That's true, thanks