As you might be aware, the HTTP protocol (see https://tools.ietf.org/html/rfc2616), upon which the World Wide Web is based, is stateless in nature. What that means is that each web request is treated as if it's the first request ever made. Accordingly, the protocol itself provides no way to retain information between requests. Therefore, here, we will define a classic authentication mechanism that uses information stored in an HTTP cookie to provide a reference to more information stored on the server.
We will not cover web classes in detail as they are beyond the scope of this book (that is, they do not address MongoDB-driven application development). If you are interested, the source code for the strictly web-based classes referenced in this chapter can be found in /path/to/repo/chapters/05/src/web in the source code repository associated with this book.
The web.session.Session class (/path/to/repo/chapters/05/src/web/session.py) provides this...