There are some methods for dealing with Basic auth in here as well, but they are not used by sessions.
+- `sessionRequiredLocal` redirect to login if session does not represent a valid local user
+- `sessionRequired` redirect to login if session does not represent a valid local user or IA profile
+- `sessionOptionalLocal` check if session represents a valid local user
+- `sessionOptional` check if session represents a valid local user or IA profile
+
+If session is valid for any of these, ctx.session will be populated appropriately.
+
+- `ctx.authenticatedId` will be set to either the valid local identifier or the valid profile
+- `ctx.session.authenticatedIdentifier` will be set if valid local identifier
+- `ctx.session.authenticatedProfile` will be set if valid IA profile
+
### SessionManager
Class providing service handler functions for rendering and processing session login and logout pages.
+
+- `getAdminLogin` renders the HTML login form
+- `postAdminLogin` ingests login form data, either validating or denying
+ for local users, or redirecting to IndieAuth server and persisting transient state
+ in session cookie.
+- `getAdminIA` interprets the returning redirect from the IndieAuth server.
+
+### Other Notes
+
+The logger used should be able to mask `ctx.parsedBody.credential` context field.