This method will check if a session has already been started, which is
the case after tokens relying on a session have been authenticated: the
UsernamePasswordToken does, for example, start a session in its authenticate()
method.
Because more than one account can be authenticated at a time, this method
accepts an array of tokens instead of a single account.
Note that if a session is started after tokens have been authenticated, the
session will NOT be tagged with authenticated accounts.