[Question] How I can authenticate API with current session?

[himadridev]

First of all this NOT AN ISSUE but a QUESTION. I tried this example an learn many things as a beginner. Thanks!

I want to build a simple app with register user, login, and an authenticated API to get the secured data. Register the user and login work perfectly fine. And it stores in sessions collection in

{
	"_id" : "rpDGJyqoo9H0sV-8kxT7Klt_te1SuTJL",
	"session" : "{\"cookie\":{\"originalMaxAge\":null,\"expires\":null,\"secure\":false,\"httpOnly\":true,\"path\":\"/\"},\"passport\":{\"user\":\"5a3794eb4d9427091875192a\"}}",
	"expires" : ISODate("2018-01-01T10:31:34.199Z")
}

And the /api/getallcategories API also has the sessionId in header as cookie:

I want to make /api/getallcategories as a secure API. (If sessionId is not there header cookie send back Unauthorized). Or, If the current session is expired already I want to send back some response that logout the user in the Client?

How can I do this? Any Help.