Sets a validation function that will check given T session instance and return Principal, or null if the session does not correspond to an authenticated principal