Simplify login handler by isolating session init logic

And standardize on a single structure for the gorilla session
map, using the 'data' key for our gob-encoded objects.