I am working on my first Laravel REST API app with React. My question is: Is it recommended to use token-based authentication in conjunction with session-based authentication? In this scenario, my backend would share a CSRF cookie, session ID, and a token with my React app. Can Laravel even handle both at the same time? Or should I stick with one approach, either session-based or token-based authentication? Note: all my routes will be under /api. If yes, how can I delete tokens and invalidate the session during logout?
In the logout process, I have encountered issues where it seems that Laravel can't handle both - deleting tokens and invalidating sessions.