background administrator login is the login information stored by Session. The
interface is not used to separate the management system to provide interface data to the APP Mini Program and the PC side. One interface provides data to multiple clients

but after the separation, the CAPTCHA cannot be used. After modifying the configuration of session, I configured sessioId
I can indeed solve the problem of CAPTCHA when configuring sessioId, but a new problem arises. The
back-end management system just logs in to a user and opens the page on other computers, probably because of the same sessionId problem

later, I want to use Cookie for storage at the back end, but I feel that cookie is not secure.
now I would like to ask you that if the backend uses Session to store administrator information, you must not be able to configure
of SessionId, but the CAPTCHA cannot be used without configuration. Is there any good way to use Session storage and solve the problem of cross-domain CAPTCHA of the interface?

I tried to write the configuration of session to the module of api, but it still failed!