I think you really just need to create a cookie based login session system. If you have reasons for not wanting to store users in a database then you can still use a .htpasswd file for storing users. I think App::Authentication::Htpasswd should allow you to do that.