Usually, when doing a login, you will need both #:auth and #:session options for a long time session. The first step is to authenticate, if it’s successful, then spawn a new session for this request.
Here is a simple example:
(post "/auth"
#:auth '(table user "user" "passwd")
#:session #t
(lambda (rc)
(cond
((:session rc 'check) "auth ok (session)")
((:auth rc)
(:session rc 'spawn)
"auth ok")
(else (redirect-to rc "/login?login_failed=true")))))
NOTE: The passwd will be encrypted by the default algorithm.