HTTP Digest Authentication
In this scenario where you have already a database of hashed passwords it's not possible to use digest authentication as far as they were not hashed using the same function.
I think the best solution for you here is create a login page and use cookie sessions to control the privileges of the users. With this solution you get the answer for the other questions:
- The cookie can be set to be use between subdomains: http://en.wikipedia.org/wiki/HTTP_cookie#Cookie_attributes
- The session is going to be valid until the users close the browser, the timeout expired or the users click in the logoff button. Never forget to offer this option to your users!!!
i think you can hash the user inputted password first with the same function used to store the passwords in the database, then pass it as a digest password and the rest of the procedure will be the same.
and you will have to pass username and password in the HTTP URL instead of the normal formhttp://www.rojotek.com/blog/2008/05/19/http-authentication-in-a-url/