Hello, have a noob question: I have an SPA, which makes calls to my Golang API server, now i want to add authentication whith Kratos. my question is how to verify the session on the API server, do i, after login of course, send the session cookie to the api and check it in a middleware using the /sessions/whoami endpoint?