Switch from basic auth to session by default

[mraineri]

Currently the login function will use basic auth by default unless otherwise specified. It would be good to use session auth so that it simplifies code leveraging the with statement. Session authentication should be preferential in the majority of cases, but need to understand why basic auth was originally used as the default.

[jautor]

Indications are that this was done during early specification development when Sessions were still being defined and/or implemented, so Basic Auth was the 'reliable' method. Recommend we change the default to use best practices.