You can first explain that token is What Do You Mean?
Token is the certificate
The first time a user visits you and passes the authentication, you randomly generate a token certificate and return it to the user.
The user visits again with a token certificate, and you check whether the certificate is valid to confirm the user’s identity.
Through token, the user’s continuous authentication process is saved.
Because the http protocol is stateless, the server needs a persistent token, which is usually stored in the database and cache.