in reply to Implemention of Access Control

The usual approach is to set a cookie as soon as the user is logged in, and store the login/session information with CGI::Session.

And you should only display links that the user is allowed to use, and check before each action if the user has sufficient permissions.
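The approach described above, as an added example that is not part of the original post: a CGI script that loads the CGI::Session session from the cookie, shows only permitted links, and re-checks permission before running the action. The `%ALLOWED` table, the `role` session key, the action names and the session directory are assumptions for illustration; the login handler is assumed to have stored `role` in the session after authenticating the user.

```perl
#!/usr/bin/perl
# Added example: per-request access check on top of a CGI::Session login session.
use strict;
use warnings;
use CGI;
use CGI::Session;

# Hypothetical policy table: action name => roles allowed to perform it.
my %ALLOWED = (
    view_report => { user => 1, admin => 1 },
    edit_report => { admin => 1 },
    delete_user => { admin => 1 },
);

# Decide from server-side session data only, never from request parameters.
sub can_do {
    my ($session, $action) = @_;
    return 0 unless $session && !$session->is_empty && !$session->is_expired;
    my $role = $session->param('role');     # assumed to be set at login
    return 0 unless defined $role && defined $action;
    return $ALLOWED{$action} && $ALLOWED{$action}{$role} ? 1 : 0;
}

# Build the menu so a user only sees links for actions they may perform.
sub visible_links {
    my ($session) = @_;
    return map  { qq{<a href="?action=$_">$_</a>} }
           grep { can_do($session, $_) } sort keys %ALLOWED;
}

my $q = CGI->new;

# load() reads the session id from the cookie but never creates a new session.
my $session = CGI::Session->load(undef, $q,
    { Directory => '/var/lib/myapp/sessions' });   # assumed path

my $action = $q->param('action') // 'view_report';

# Hiding a link is not enough: the check runs again before the action does.
unless (can_do($session, $action)) {
    print $q->header(-status => '403 Forbidden', -type => 'text/plain');
    print "Not permitted\n";
    exit;
}

print $session->header;                     # re-sends the session cookie
print join("<br>\n", visible_links($session)), "\n";
print "<p>Running action: ", $q->escapeHTML($action), "</p>\n";
```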