This is how I did it, just to give you an idea:

1. Verify if username exists in the database. If it exists, fetch the encrypted password.
2. Compere Passowrd with the decrypted password from the database.
3. Generate a session id. It is an encoded result of a username and expiration time.
4. Generate HTML through CGI with the session_id included as part of QUERY_STRING.

Every page that is accessed looks for the session id, decodes it, and if it is valid and not expired, generate the pages desired.

Though I stored IP addresses in a log, I did not include them in the validation since I'm aware of the higher chances that my users would be using their accounts on different machines (with different addresses).

Would this work.....

#Generate the HTML and Dump Cookie (session_id)
&generate_html();

#A function that checks for the Dumped Cookie. If it can't find the cookie it means that the USER_AGENT is closed.
&loop_to_check_for_cookie();