TokenAuthentication and SessionAuthentication are both enabled but only session auth used?

The backend enables both Django TokenAuthentication and SessionAuthentication authentication in settings. I observed that only SessionAuthentication is being used if I visit the page within browser as run the application on my local machine. But strangely, I also see authToken_token table has an entry updated. It seems that TokenAuthentication is enabled but not being returned or used. Correct?
