Translations:Manual:SessionManager and AuthManager/49/en

It's not necessary that the provider actually does anything to save the user's identity; as long as the session ID is provided, the user can be determined from the saved metadata.