public function __invoke(RequestInterface $request) : Data
 {
     $tokens = array_filter(array_map([$this, 'parseToken'], $request->getHeader('Cookie')), function (Token $token) use($request) {
         return $this->tokenValidator->__invoke($token, $request);
     });
     /* @var $token Token|bool */
     $token = reset($tokens);
     $session = $token ? $this->tokenSerializer->deSerialize($token) : Data::newEmptySession();
     if (!$this->sessionValidator->__invoke($session, $request)) {
         // if all validation fails, simply reset the session (scrap it)
         return Data::newEmptySession();
     }
     return $session;
 }
 public function deSerialize(Token $token) : Data
 {
     return Data::fromJsonString($token->getClaim('data'));
 }