Is there a secure way of transmitting a username and password to every page through a query string? It seems to me that "default.asp?username=kill&password=death" would be too obvious and easy to hack during trasnmission -- likewise for a cookie.

I was thinking about setting up a database that, upon logging in, would contain the user's IP address, username & password, and a "session ID" that would kill itself within half an hour. The session ID would be in the query string, and only be accessible by the IP address corresponding to the record.

Any thoughts on this method, or a better way of doing things?