Session API authentication?

Trying to track down some problems with a managed consul offering, and I went code splunking.

It looks like the session APIs don't do authentication? They don't call `prepare_headers` like the other modules.

I would suggest setting this as a header on the requests session, so it's automatic with every request.