How does the server verify whether the caller of the APP interface is logged in?

In web development, you can verify whether the user is logged in through session and cookie, but in app development, how does the server perform verification?

Reply content:

In web development, you can verify whether the user is logged in through session and cookie, but in app development, how does the server perform verification?

Put the token in the header and rarely use cookies

App development can also use cookies. It doesn’t matter. Whether it is web or app development, both access the server through the http protocol and can carry cookie information. Specific cookie operations for iOS and Android can be searched online. .

You can refer to the oath standard to obtain an accesskey and save it on the client
http://oauth.net/2/

In app interface development, restful api is written according to oath2.0.

Ah? I have always used sessions. When logging in, there is a session in the APP local village, and a session is also stored in the database. Then if they are equal, they are logged in (but this way it will not expire). Is there any problem??