When creating an API you can manage a “session” with a JWT Json Web Tokens ensuring the user has login previously.
This post explains how JWT is working and how to implement it with SpringBoot using user identity stored in a Database.
This is based on a real implementation and is the sum of lots of search on Internet to make it correctly working.