Yes. That’s a good part of the approach; see also: Session Management Cheat Sheet.