Add a client middleware which receives and re-uses a session token from the server.
Add a server middleware which, when encountering a request with no session header, creates a session on the backend, generates a token for it, and sends the token to the client in a header. The client can re-use this as indicated above.
If the client has a session header, re-use the same session from the backend (report an error if an invalid session was used).