It's more convenient to log in to the server programmatically through a controlled session, using a session id (sid) on subsequent session calls. The simple path is /login-sid.ext?jid=user@server/resource&pass=foo, where .ext selects the format in which the sid is returned (probably JavaScript or XML).
There's also an optional &timeout=600 parameter, given in seconds: here 10 minutes of inactivity will close the session (the default is 3 minutes). The plan is to support setting and checking a cookie for the sid variable as well.
Try it here to log in as wcstest@snowdeal.org and get the sid via HTML.
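
An added example, not part of the original page or the project's own code: because pass travels in the query string, a client should percent-encode the JID and password when building the login URL and mask credential values before any URL is written to a log. The host example.org, the extension strings, the function names, standard percent-decoding on the server, and sid as a query parameter on later calls are assumptions.

```python
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl

# Query parameters whose values must never reach logs.
# "sid" as a query parameter name on later calls is an assumption.
SENSITIVE = {"pass", "sid"}


def build_login_url(base, jid, password, ext="xml", timeout=None):
    """Build the /login-sid.<ext> URL with every parameter percent-encoded."""
    if not ext.isalnum():
        raise ValueError("ext must be a plain extension such as 'xml' or 'js'")
    params = [("jid", jid), ("pass", password)]
    if timeout is not None:
        timeout = int(timeout)
        if timeout <= 0:
            raise ValueError("timeout must be a positive number of seconds")
        params.append(("timeout", str(timeout)))
    # urlencode escapes '@', '/', '&', '=' and spaces, so a JID resource or a
    # password containing them cannot split or inject query parameters.
    return f"{base.rstrip('/')}/login-sid.{ext}?{urlencode(params)}"


def redact_url(url):
    """Return the URL with credential values masked, for logs and error reports."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    masked = [(k, "REDACTED" if k in SENSITIVE else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(masked)))


if __name__ == "__main__":
    # Constructed sample values; example.org is a placeholder host.
    url = build_login_url("https://example.org", "user@server/resource",
                          "p&ss=w/rd", timeout=600)
    print(redact_url(url))
```

Log the output of redact_url, never the URL that is actually sent.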