For this you can use the same user table to store the session ID, which will be a GUID. When the user logs in, generate a new key and store it in the database, and that key will be used to authenticate the requests on each call. When the user logs off, you can again set the key to null.
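
The login, per-request check and logout steps described above, as an added Python example (not code from the original answer). The sqlite3 schema, the function names and the PBKDF2 password check are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import sqlite3
import uuid

# Constructed in-memory schema: the user table itself carries the session key.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB, "
           "session_key TEXT UNIQUE)")  # NULL means "not logged in"

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def add_user(name, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?, NULL)",
               (name, salt, _hash(password, salt)))

def login(name, password):
    """Check the password, then issue a fresh GUID and store it on the user row."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None or not hmac.compare_digest(row[1], _hash(password, row[0])):
        return None
    key = str(uuid.uuid4())  # random (version 4) GUID; replaces any previous key
    db.execute("UPDATE users SET session_key = ? WHERE name = ?", (key, name))
    return key

def authenticate(key):
    """Return the user name for a request's key, or None if it is not a live session."""
    try:
        key = str(uuid.UUID(key))  # rejects "", None, "null" and other non-GUID input
    except (TypeError, ValueError, AttributeError):
        return None
    row = db.execute("SELECT name FROM users WHERE session_key = ?",
                     (key,)).fetchone()
    return row[0] if row else None

def logout(key):
    """Set the stored key back to NULL so the old value stops authenticating."""
    db.execute("UPDATE users SET session_key = NULL WHERE session_key = ?", (key,))

add_user("alice", "correct horse")  # constructed sample account
```

Because a new GUID is written at every login, a key issued by an earlier login stops working as soon as the user logs in again, and a request that carries an empty or literal "null" key never matches a logged-off row.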