Session data lost after authentication
Session data set by the (custom) Authentication Service classes in lost after the authentication. I think it's because the session data is read before the service class methods are called and if the previous session was 'anonymous', the first read data (before the authentication services are called) is saved to the new session.
I've added a possible patch in the form of a diff file attached to this issue ticket. With this changes the 'anonymous' session is read once again right before the authenticated session is created.