I'm curious how people handle authentication and session keys in spinejs