in reply to
what is the best method for user authentication
That depends on what you need. If you need security, SSL (https) fixes those things outside of the programming language, allowing you to focus on the easier things. One easy way to implement authentication is HTTP Basic authentication. This usually generates a dialog window that asks the user for username and password. The biggest drawback is that there isn't an easy and solid way to log out: a user stays logged in for as long as the browser remembers the password, which is usually as long as the browser has a window open. If that is a problem, cookies + sessions are probably what you're looking for. In that case, you'll have to do a lot more.