79145196

Date: 2024-10-31 14:54:47
Score: 0.5
Natty:

I highly recommend using Django sessions to secure your application.

When you log in, Django automatically inserts the session ID and the CSRF token into the cookies; the session ID is used by Django for authentication, and the CSRF token allows you to prevent CSRF attacks.

I also recommend using the django-cors-headers library to authorize requests to your backend only from certain domains, and using Django models or making queries with placeholders to avoid SQL injection vulnerabilities.

Some time ago I was in the same situation as you, and after a long search I decided to use this integrated Django system for several reasons:

  1. It's much easier to implement than a JWT token if you know enough about Django.
  2. It is an alternative that offers an excellent level of security.
  3. It's less challenging to make mistakes when writing code than when implementing a system that uses a JWT token.
Reasons:
  • Long answer (-0.5):
  • No code block (0.5):
  • Low reputation (0.5):
Posted by: kkk
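As an added illustration of the placeholder point (this is not code from the answer above), the same lookup written once by pasting input into the SQL text and once with a bound parameter. It uses Python's standard-library sqlite3 so it runs without Django; the table and rows are constructed for the demo. Django's own `connection.cursor().execute(sql, params)` and `Model.objects.raw(sql, params)` take the same value-binding form, with `%s` as the placeholder on every backend.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for Django's auth_user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE auth_user (id INTEGER PRIMARY KEY, username TEXT, is_staff INTEGER)"
    )
    conn.executemany(
        "INSERT INTO auth_user (username, is_staff) VALUES (?, ?)",
        [("alice", 1), ("bob", 0)],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn, username):
    """Vulnerable form: the input becomes part of the SQL statement itself,
    so quote characters in it change the query's meaning."""
    sql = f"SELECT username FROM auth_user WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, username):
    """Hardened form: the statement text is fixed and the driver binds the
    value as data. In Django, the equivalent is
    cursor.execute("... WHERE username = %s", [username])."""
    sql = "SELECT username FROM auth_user WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def compare(username):
    """Run both forms on one input and return (unsafe_rows, safe_rows)
    so the difference is visible for any input, not just the happy path."""
    conn = make_db()
    try:
        return lookup_unsafe(conn, username), lookup_safe(conn, username)
    finally:
        conn.close()


if __name__ == "__main__":
    # A constructed username containing a quote: the unsafe query returns
    # every row, the parameterised one correctly returns none.
    print(compare("alice"))
    print(compare("' OR '1'='1"))
```

A further check worth keeping in a test suite: a legitimate name such as `O'Brien` raises an sqlite3 error in the unsafe form but is handled correctly by the bound version.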