Reading the Authorization header is usually quite easy:

app.get('/your-endpoint', (req, res) => {
  const authHeader = req.headers['authorization'];

  if (authHeader && authHeader.startsWith('Bearer ')) {
    const sessionToken = authHeader.split(' ')[1];
    console.log('session-token:', sessionToken);
  } else {
    console.log('No Authorization header or invalid format.');
  }

  res.send('Authorization header checked');
});