Actually, there are multiple authentication methods that can be used by developers. Most of them are sort of tricky hacks. Here we only introduce the most common way.
The most common and relative safe way for authentication is to use POST method. And check username and passwd from a table in DB.
Here is a simple example:
(post "/auth" #:auth '(table user "user" "passwd") #:session #t (lambda (rc) (cond ((:session rc 'check) "auth ok (session)") ((:auth rc) (:session rc 'spawn) "auth ok") (else (redirect-to rc "/login?login_failed=true")))))
NOTE: The passwd will be encrypted by default algorithm.