Sessions

Create table in DB like this.
Pasted image 20240726102453.png
You give that session id to the client (prefrerrably in an httpOnly cookie) and every time they make an API call they send that id.

Every request you need to validate the id by fetching from DB. To combat a bit the inneficiency of having to query DB every time, redis or other cache db is commonly used.

advantages

disadvantages