Sessions and user authentication are two totally separate things. One does not require the other. Sessions are useful
for sites that require user authentication because it enables the authenticated user data to persist across pages, but they are not required to implement authentication.
I have no idea how the logic of your site is implemented, but the following logic flow might help:
1) have a link on your main page to a login screen
2) on the login screen, have the user enter his/her user information.
3) use a back-end cgi script to authenticate the user ( probably against a database? )
4) once that cgi script has authenticated the user, then create your session
5) use the existence of the session and its data to allow the user into the members area
not knowing what you really want, I hope this helps