If a user is authenticated, a browser cookie is created so the user will be remembered
until the cookie is destroyed.
Plugins can override SessionInitializer behavior by extending this class and
overriding methods. In order for these changes to have effect, however, an instance of
the derived class must be used by the Login/Controller.