As for "best approach", there's a tutorial on using CGI::Application. The author, Jesse Erlbaum, recommends using the Apache::Auth* modules for login security and session management. See the section "Thoughts on Sessions and Security". See:
Using CGI::Application