Fyou can make a get session request, after that you have to verify if what is written in the session is ok or not
Fe.g. if the checks that have been made are enough or not
FI am not really familar with this sample. But I think this doesn't use the session API, probably it uses oidc and the hosted login ui of zitadel