If we don't, they will trigger the login handler and invalidate the current session (if any), which prevents the user from being able to log in.