Is this technically possible? I know that I can fire off the login via the api or via xhr to the login link, but how do I make sure the session is actually then marked as logged in? I am trying to write a hybrid mobile app so the use case is just a popup with login info which then goes away and page transitions to 'paid' content