A Requests gets issued by a browser normaly a HTTP conform client will accept set cookie headers and apply that cookies on the next request
if you need more fine grained controle eg multi session it is clever to attach the cookie content as server query parameters via url?param=xxxx¶m=2
the first method logs out via deleting the cookie or replacing it the secund via deletion of browser cache.
to prevent man in the middle you could implement something like a one time factor. something that is only valid once and in a given period.