More documentation on login management

This commit explains in particular how to save the fact that login has
succeeded once by using the browser's logged attribute, so that do_login
isn't called multiple times afterwards.