Sets a validation function that checks a given T session instance and returns Principal, or null if the session does not correspond to an authenticated principal.