Mixing stateful and stateless authentication
I can't seem to find the proper way of implementing AJAX requests on routes with API authentication middleware, while still using stateful authentication (sessions) on pages. Or am I just not understanding the concept of Laravel Passport?
I'm trying to do very simple stuff: perform AJAX request when user submits a form, but to be secure, the route that request hits is protected by auth:api middleware. User is also authenticated by a session and therefore has access to a form. But when the request hits -- the application says user is not authenticated. Well, yeah, because that request is stateless and doesn't care about cookies/session.
How I was hacking this is I was just putting the routes in my web.php file with auth middleware, because web middleware cares about the session. This seems too clumsy and it feels like there has to be a better way. Should I send a token through a header on every request to the user then send that token in a form data to the endpoint, thus authenticating user through a token... or is there a better way?
I feel like Passport is a bit too much since I just need authentication of users signed up to the website for a couple of AJAX requests, no third-party client applications, etc.
Artisans, enlighten me, please!
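The arrangement the post describes (the AJAX endpoint kept in web.php behind the session-based auth middleware), as an added example that is not part of the original post. The /comments route and its body field are hypothetical, and the default guard in config/auth.php is assumed to be the session-backed "web" guard.

```php
<?php
// routes/web.php (added example; route name and fields are hypothetical)

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

// Everything in web.php runs through the "web" middleware group, which starts
// the session and verifies the CSRF token. "auth" then resolves the user from
// that session, so a same-origin AJAX call that carries the session cookie is
// authenticated without any API token.
Route::middleware('auth')->post('/comments', function (Request $request) {
    // For requests that send "Accept: application/json", a validation failure
    // is returned as a 422 JSON response instead of a redirect.
    $data = $request->validate([
        'body' => ['required', 'string', 'max:2000'],
    ]);

    // The session-authenticated user; never trust a user id sent by the client.
    $user = $request->user();

    return response()->json([
        'user_id' => $user->id,
        'body'    => $data['body'],
    ], 201);
});

// What the browser has to send with the AJAX request:
//   - the session cookie (sent automatically on same-origin requests)
//   - X-CSRF-TOKEN: the value of csrf_token(), e.g. rendered into a
//     <meta name="csrf-token"> tag by the Blade layout
//   - Accept: application/json, so an expired session produces a 401 JSON
//     response rather than a redirect to the login page
```

Because the session cookie is attached by the browser automatically, the CSRF check in the web group is what stops another site from submitting this request on the user's behalf, so the route should not be excluded from it.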