FYI:
I just merged Magnus' refactor-auth branch onto the default branch. This entails that session['user'] is no longer a forgetSQL object, but a dictionary.
The dictionary will contain the keys 'id', 'login' and 'name'. The branch (hopefully) refactors all NAV code that expected a forgetSQL account object.