Store verify_result with sessions to avoid potential security hole.

For the server side this was already done one year ago :-(