I think you would set the session ID before authentication, then after authentication remember that this session ID is authenticated now.