Signing a session claim to "log in" means I can authenticate users without storing any sensitive information.