Storing state in-memory is usually not a good idea for web apps, most use databases with persistence. I got curious and found the example code for implementing password-based authentication on SQLite. I don't think it's very compelling when the alternatives include Django.

https://github.com/rio-labs/rio/blob/41a6bb828c2e20eb7fdc5c6...

This is just programmers being lazy and essentially reinventing PHP sessions, throwing away years of progress.