Of course theres more than one way to do. If you are using Apache then I like mod_perl and the Apache API to request http authentication and then perform validation against a database (using the DBI of course :-). Of course if you don't want users having to log in each session then cookies are a sound method.
Lincoln Stein's and Doug MacEachern book 'writing Apache Modules with Perl and C' has an excellent section on different authorisation schemes.