if (!success) {
throw new AuthException("Failed to create auth session");
}
HttpSession session = sessionProvider.get();
ICookieHandler cookieHandler = cookieHandlerProvider.get();
session.setAttribute(serverSideConstants.getAuthSessionKey(), result);
cookieHandler.setValue(serverSideConstants.getSessionCookieName(),
result.getSessionId(), expirationDate);
return result;
}