From reading what you're looking at you may want to consider using either a mod-perl enabled server for authorization (possibly using non-mod_perl servers for other tasks that only require a valid user). If mod_perl is an option, I would suggest Apache::AuthCookieDBI.

Failing to have a mod_perl server, I would recommend that you use a similar system to the Apache::AuthCookieDBI module. Have a string of username, ip address, expiration time (this needs to be short in order to avoid replay attacks), and possibly a session id. MD5 these with a 'secret key' that is constant across all sites and you've got a better system. If you want to be even trickier, have the expiration time in the session and in the cookie, and check to see they're the same.

Don't put the password anywhere near the browser if possible! See Apache::Session for a non-apache based session system.