How would you design a system to manage user authentication, including login, session management, and authorization?