Trying to use the Authorization header with a WSGI application (e.g. using token authentication with Django REST Framework) with Apache and mod_wsgi? It doesn't work or it falsely uses the sessionid Cookie instead? Either make sure your
TokenAuthorization
is tried before the
SessionAuthentication
or ensure that Apache is configured to pass the Authorization header to your Python app:
WSGIPassAuthorization On
This also explained way better in the DRF docs which sadly I found out about a little too late: http://www.django-rest-framework.org/api-guide/authentication/#apache-mod_wsgi-specific-configuration