This handler should be used if you want to store the User object in the Session so it's available between
different requests, without you having re-authenticate each time.
It requires that the session handler is already present on previous matching routes.
It requires an Auth provider so, if the user is deserialized from a clustered session it knows which Auth provider
to associate the session with.