I’m trying to figure out how to populate custom session data for users without having them authenticated. I’ve a custom session, CustomUserSession derived from AuthUserSession. The idea is that when a certain users access the application from a known ip address or with a api key in the header, I’d want to update certain properties. I was able to do this by hooking into OnCreated in Session Events. Is this a proper place to do this? Is OnCreated called just once when a session object is created for the first time for a user? I can’t hook into OnAuthenticated because I’m not authenticating the user.