Hello I got a question related to the way sessions are handled. All recipes follow a similar workflow under the hood correct?, I mean in regards with how cookies are set and a bearer token in the case of native apps. What is the difference between for example email and password vs session recipe?