func (h *handler) makeSession(user auth.User) error {
	if user == nil {
		return base.HTTPErrorf(http.StatusUnauthorized, "Invalid login")
	}
	h.user = user
	auth := h.db.Authenticator()
	session, err := auth.CreateSession(user.Name(), kDefaultSessionTTL)
	if err != nil {
		return err
	}
	cookie := auth.MakeSessionCookie(session)
	cookie.Path = "/" + h.db.Name + "/"
	http.SetCookie(h.response, cookie)
	return h.respondWithSessionInfo()
}
// Creates a session with TTL and adds to the response.  Does NOT return the session info response.
func (h *handler) makeSessionWithTTL(user auth.User, expiry time.Duration) (sessionID string, err error) {
	if user == nil {
		return "", base.HTTPErrorf(http.StatusUnauthorized, "Invalid login")
	}
	h.user = user
	auth := h.db.Authenticator()
	session, err := auth.CreateSession(user.Name(), expiry)
	if err != nil {
		return "", err
	}
	cookie := auth.MakeSessionCookie(session)
	base.AddDbPathToCookie(h.rq, cookie)
	http.SetCookie(h.response, cookie)
	return session.ID, nil
}