So I can start to understand sec_handler better; what is the difference between the session_id cookie and the user_login cookie?