Unless all of the data you are loading is completely public, your app has some sort of users, accounts and permissions systems. If different users have different permissions in your application, then you need a way to tell the server which user is associated with each request.
Apollo Client uses the ultra flexible Apollo Link that includes several options for authentication.
Another common way to identify yourself when using HTTP is to send along an authorization header. Apollo Links make creating middlewares that lets you modify requests before they are sent to the server. It's easy to add an Authorization header to every HTTP request. In this example, we'll pull the login token from localStorage every time a request is sent.
Since Apollo caches all of your query results, it's important to get rid of them when the login state changes.
The easiest way to ensure that the UI and store state reflects the current user's permissions is to call Apollo.getClient().resetStore() after your login or logout process has completed. This will cause the store to be cleared and all active queries to be refetched.
Another option is to reload the page, which will have a similar effect.