Allow the user to provide an authenticated cookie/header

The idea is to bypass the initial authentication flow to allow a user to manually use an authentication method that would not be implemented, or even to hijack a session.