WSGI, Werkzeug and form based authentication

I would like to implement a WSGI/Werzeug based web application and need help implementing the form based authentication. I found repoze.who and think it solves most of my problems. It works fine with SqlAlchemy which I will use for my database code. What I'm looking for is code to have salted passwords, p开发者_开发技巧rotection from session hijacking, ...

Are there any lighweight wsgi libraries to do that? I don't want to use a complete framework like Django, because I need more control over the details of request handling. But I would not like to implement security details on my own.

Flask is a good microframework to get you started. You can use WTForms to handle the forms, SQLAlchemy as the ORM and Jinja2 to handle the templates. It's a good match.

EDIT: Flask has some extensions that might help with what you need (Login extension?)