In a php web application we can check if user is logged in or not by using sessions , my android app will use volley to call php api which will send a json response from remote web server , if user get their profile or update something it will call userdetail.php , how server will know it is a authenticated request or not ? or else I need to send username and password along with all api calls , Is this a correct way ? or is there any other ways available to do the same ?
The way I had implemented this is when login hit a API and update a token field in the user table and send it back with response and user details.
Every time the user hit an API , check the token along with the email or username whichever is unique and send back the result.
Note - the token column only changes after the login not after that.
You can use laravel tymon/jwt-auth library to generate jwt tokens to authenticate users instead of PHP sessions which maintain state.