I am not sure what that means. Yes, if a user tries to login using BASIC authentication and then changes her mind she will have to hit the cancel button on the login prompt. I cannot see that as a problem.

Roll-your-own authentication with cookies frightens me. For one thing, there are security implications. If you are not careful then a clever user could read his own cookie and possibly modify it to become someone else. This whole endeavor seems like a reinventing a wheel when you could borrow a bicycle. Use built-in authentication (usually BASIC auth on Apache) unless there is some reason not to. Especially when the person who is rolling his own authentication calls himself a "newbie." Don't ask sixth graders to perform surgery on themselves, and don't ask newbies to write their own authentication modules.