Here are some initial thoughts.
What is a BCCMS and why does this class need to extend it?
The whole UsernameMatch/Password match forking and messaging - don't do this, you are giving too much info to someone who might be trying to force their way in - "Your Username matches but your password does not match the username in the database" <- whoopee, I'm 50% there!
So refactor all of that out, simplify it.
Overall this class is doing too much -- especially with all the db connection stuff, that means the script calling this has to hold db credentials.
I'd tend towards passing a db object to this class, maybe in the constructor.
If you are serious about adopting OOP then I would urge you to look at using PDO (or mysqli using OOP methods).
$PDO = new PDO ; // set your pdo object here
// now you db connection is already instantiated and ready to be used
$sess = new Sesssion($PDO);
// pass the connection to your Session object
if( !$sess->isLoggedIn() )
// send away
Is one way of dealing with the dependency on the connection, it is a type of "aggregation".
Think about the signatures of the methods in terms of how you'd use them in your userland code, make sure they are easy to read and describe what you object is doing on your behalf.