If you’re getting prompted to login on every single action, you are likely not passing the session_id to the DSP. Your session should persist for as long as you’ve set the duration parameter at login. Check out this page from the documentation on passing the session token header. This is implemented in the JavaScript SDK by storing the received response.session_id as a new ApiKeyAuthorization header that gets passed along with subsequent calls:
...
window.authorizations.add("X-DreamFactory-Session-Token", new ApiKeyAuthorization("X-Dreamfactory-Session-Token", response.session_id, 'header'));
}, function(response){
...
To implement session verification, I recommend making the API calls as normal and trapping for a 401 error response. Then use the 401 as a trigger to login again. This is more efficient than checking for a session before every call. A global error handler for 401s should do the trick.