Bala
When you run a Login API, the Session ID will be generated in the response, you hold the Session ID from response into your local variable and you can validate like Not Null, Contains, Exist & Regular Expression kind of the assertion, if there is any Biz Requirement specifically mentioned for this you can go with that.
Also you can validate the Response Header Status is 200 OK or not, this ensures max coverage.