Design a system to handle user authentication for a web application, including secure session or token handling.