I have a SPA webapp and spring boot backend. I am using spring security for login ldap authentication and csrf enabled. Now I am a little confuse on how I can implement session management on SPA and make it secured.