1.2.3.1 Checking Who Is Signed In

If the manager finds that a user is currently signed in and that the auth session has not idled or expired, then the attribute auth.signedInUser will contain a user object containing all the auth information about that user. This is set to None if no user is signed in.

Usernames are case insensitive but are always stored in the driver as lowercase.

You can directly set the firstname, surname, email, group and active status of the user like this auth.signedInUser.firstname = 'John'

If no user is signed in you will need to present a sign in form to allow the user to sign in.

if auth.signedInUser != None:
    print web.header('text/plain'), "Authorised"
else:
    print web.header()
    # display sign in form

You can use whatever methods you like to sign a user in, just use auth.signIn(username) once you have checked the user's password and want to sign them in. They will be added to the auth session store.

If you don't want to provide the sign in functionality yourself you can use a sign in handler.