you'll need sessions anyway to keep user logged in. that is an old user-submitted recipe website dump, some info might be outdated.
you may have some endpoint to check user creds against db and then put it into session, then you can check whether user is authorized by looking at session.
please note that CherryPy is a low-level micro-framework, which does not have django/flask-like high-level batteries. it's more like a Lego(tm), which enables you to operate on low-level as well as build higher-level abstractions needed specifically for your use-case