Is there any way to store session data within a custom authentication scheme?