I have my own code I use on my projects. It uses secure SHA-256 hashing for the passwords. The code handles registration, login, logout, and forgot password flows.
Anyway, if you don't use a nonce per user or a time-consuming hashing method, then all tptacek's comments apply. His link in http://news.ycombinator.com/item?id=576021 is worth your time.
This is the best strategy for us because it allows us to offer a wide array of services running through our accounts, using out-of-the-box software.
We can tie the forums into LDAP without writing our own, as well as our internal Jabber server, etc.
Once login has completed, we give the user a 128-bit sessionID, which we use for all further communication, until their session expires.
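An added example, not code from any commenter in this thread: a minimal sketch of the two points raised above, storing passwords with a per-user random nonce and a deliberately slow hash, then issuing a 128-bit session ID that expires. PBKDF2 stands in for the "time-consuming hashing method"; the iteration count, session lifetime, in-memory stores and all function names are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware
SESSION_TTL = 3600           # assumed session lifetime, in seconds

users = {}     # username -> (salt, derived_key); stand-in for a user table
sessions = {}  # session_id -> (username, expires_at); stand-in for a session store


def derive_key(password, salt):
    # Slow, salted derivation instead of a single fast SHA-256 pass.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def register(username, password):
    salt = secrets.token_bytes(16)  # per-user random nonce
    users[username] = (salt, derive_key(password, salt))


def login(username, password, now=None):
    now = time.time() if now is None else now
    record = users.get(username)
    # Do the same work for unknown users so response time does not reveal them.
    salt, stored = record if record else (b"\x00" * 16, b"")
    candidate = derive_key(password, salt)
    if record is None or not hmac.compare_digest(candidate, stored):
        return None
    session_id = secrets.token_hex(16)  # 16 random bytes = 128 bits
    sessions[session_id] = (username, now + SESSION_TTL)
    return session_id


def session_user(session_id, now=None):
    now = time.time() if now is None else now
    entry = sessions.get(session_id)
    if entry is None:
        return None
    username, expires_at = entry
    if now >= expires_at:
        del sessions[session_id]  # expired: drop it so it cannot be reused
        return None
    return username


def logout(session_id):
    sessions.pop(session_id, None)
```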