I am looking to develop a web application that will have the user login and, once logged in, gives the user access to different website components.

Now I know how to do a lot of this. My real problem is, I have never done logging so I am unsure what the best, and most secure way is to go about doing so.

Would I just use sessions, store the username and passwor din the sessions and authenticate on every page? That doens't sound like the best way but I am unsure how to do it any other way.

Also, I don't know what kind of encryption to use for storing the passwords in a MySQL database.