REST - Handling RESTful login without HTTP auth
I'm working on a web application, and I've decided to make the server side a(n almost) RESTful web service (using Node.js).
I say almost RESTful because, while I use the resource paradigm, I want to be more flexible in doing things, namely authentication.
All the articles, tutorials and examples I have read say I should use HTTP auth for authentication. I have a different idea.
I made a resource named session, which works like this:
POST /session
Creates a session and returns a session id. The session id value is used for requests in the session. (At this point, the user is not logged in, but has a session, and can set values in the session.)
PUT /session {session, email, password}
Updates the session with the user value.
DELETE /session {session}
Deletes the session, logging the user out.
Here are my questions:
- Is a session resource meaningful, or am I taking flexibility too far?
- If I were being RESTful, I should have included the session id in the requests as /session/:id, but because the session is a singleton resource (as far as the user is concerned, there is no other session possible), there is no harm in flexing the rules this way. What do you think of this idea?
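
The session resource described in the question, sketched as an added example (not the poster's code) with the HTTP layer left out so it runs stand-alone. The function names, the in-memory stores, the scrypt password check and the sample account are assumptions; rotating the session id at login is also an addition here, made because the question's design hands out the id before the user authenticates.

```javascript
const crypto = require('node:crypto');

// Constructed sample account; a real service would query its user store.
const salt = crypto.randomBytes(16);
const users = new Map([
  ['alice@example.com', { salt, hash: crypto.scryptSync('correct horse', salt, 32) }],
]);
const sessions = new Map(); // session id -> { user, values }
const newId = () => crypto.randomBytes(32).toString('hex'); // unguessable id

// POST /session: create an anonymous session and return its id.
function createSession() {
  const id = newId();
  sessions.set(id, { user: null, values: {} });
  return { status: 201, session: id };
}

// PUT /session {session, email, password}: attach a user to the session.
function login({ session, email, password }) {
  const current = sessions.get(session);
  if (!current) return { status: 404 };
  const record = users.get(email);
  // Hash even for unknown emails so both failure paths do the same work.
  const candidate = crypto.scryptSync(String(password), record ? record.salt : salt, 32);
  if (!record || !crypto.timingSafeEqual(candidate, record.hash)) return { status: 401 };
  // Assumption added in this example: issue a fresh id when the session gains
  // a user, so an id that existed before login never becomes an authenticated one.
  sessions.delete(session);
  const id = newId();
  sessions.set(id, { user: email, values: current.values });
  return { status: 200, session: id };
}

// DELETE /session {session}: remove the session, logging the user out.
function logout({ session }) {
  return { status: sessions.delete(session) ? 204 : 404 };
}

// Resolve a session id: a user, null (anonymous) or undefined (no such session).
function whoami(session) {
  const s = sessions.get(session);
  return s ? s.user : undefined;
}
```

The client replaces its stored session id with the one returned by the login call; values set before login carry over to the new id.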