I think it's a good process because you don't use cookies and pass the session in the payload.
I have a question concerning step 3: "The server checks if the user exists. If so, I generate a
SessionID using UUID.randomUUID.toString and pass it back to the client.":
Where do you save the UUID session on the server? A hashtable?