I have a single page application that sends requests to a backend API after each user interractions (GET, POST….). For authentication, I use cookie session that the API return after the login to the SPA which store it in the cookies.