diff --git a/docs/source/_static/rest-api.yml b/docs/source/_static/rest-api.yml
index 79cbc0b5..e0d9fa24 100644
--- a/docs/source/_static/rest-api.yml
+++ b/docs/source/_static/rest-api.yml
@@ -1336,6 +1336,14 @@ components:
             Timestamp of last-seen activity using this token.
             Can be null if token has never been used.
           format: date-time
+        session_id:
+          type: string
+          nullable: true
+          description: |
+            The session id associated with the token, if any.
+            Only used for tokens set during oauth flows.
+
+            Added in 2.0.
   responses:
     NotFound:
       description: The specified resource was not found
diff --git a/jupyterhub/apihandlers/base.py b/jupyterhub/apihandlers/base.py
index f7a82da3..c41cb8eb 100644
--- a/jupyterhub/apihandlers/base.py
+++ b/jupyterhub/apihandlers/base.py
@@ -210,6 +210,7 @@ class APIHandler(BaseHandler):
             'last_activity': isoformat(token.last_activity),
             'expires_at': isoformat(token.expires_at),
             'note': token.note,
+            'session_id': token.session_id,
             'oauth_client': token.oauth_client.description
             or token.oauth_client.identifier,
         }
diff --git a/jupyterhub/apihandlers/users.py b/jupyterhub/apihandlers/users.py
index 2b977277..2d0bfeff 100644
--- a/jupyterhub/apihandlers/users.py
+++ b/jupyterhub/apihandlers/users.py
@@ -58,6 +58,14 @@ class SelfAPIHandler(APIHandler):
 
         model = get_model(user)
 
+        # add session_id associated with token
+        # added in 2.0
+        token = self.get_token()
+        if token:
+            model["session_id"] = token.session_id
+        else:
+            model["session_id"] = None
+
         # add scopes to identify model,
         # but not the scopes we added to ensure we could read our own model
         model["scopes"] = sorted(self.expanded_scopes.difference(_added_scopes))
diff --git a/jupyterhub/handlers/base.py b/jupyterhub/handlers/base.py
index 75d38d00..ce3acb08 100644
--- a/jupyterhub/handlers/base.py
+++ b/jupyterhub/handlers/base.py
@@ -340,6 +340,7 @@ class BaseHandler(RequestHandler):
             auth_info['auth_state'] = await user.get_auth_state()
         return await self.auth_to_user(auth_info, user)
 
+    @functools.lru_cache()
     def get_token(self):
         """get token from authorization header"""
         token = self.get_auth_token()