So, just to close out this post in case someone new runs into the same issue, I went the JWT token route. Here, whatever session-cookie mechanism happens in normal webflow is similar, except that the JWT token is being signed by the server using a secret key known only to the server, and then being passed in the HTTP payload (as opposed to the HTTP header in the cookies). There are multiple advantages as listed in https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/
Also, the videos mentioned in this related answer were really helpful in getting JWT set up on the server and client: