|There's more than one way to do things|
Well, i'm not so sure how to send back headers that would allow you to sign in a user through Apache UserAuthentication (your first one), but I don't think you want to do that anyway, unless you don't mind having large .htpasswd files :)
What your asking for is quite large, so I'll try my best to explain some of this, but you'll need to find some other tutorials (i have some links).
Considering your second point, this is a perfect task for (drumroll) CGI.pm!
First of all, Cookies are tidbits of information that your server sends to the user's browser, where it is stored. The stored info is then sent back when a new request is made to your site. I'm sure there's a better explanation out there, but I'm trying to keep it simple.
Those cookies will hold your users' username and password. Everytime they make a request to your page/program, it will receive the cookies, and then act on what it finds. The program will check the cookie information with the names/passwords you have stored on the server and compare. If they pass your specifications (usually matching, case-sensitive), you allow the user into your content.
Here's where CGI.pm comes in. CGI.pm is a wonderful module. It does nearly everything, except bring you pizza and beer. You can easily set cookies, and retrieve cookies with a few (one or two) lines.
Now, you're going to have to face some security issues (fake/spoof cookies), and some functionality issues (browsers without cookie support), so I suggest after getting your code together, submitting it here or having someone experienced in CGI to look at it.
Best of luck to you, and if you need any help, just ask!
John J Reiser