There are a number of ways to do this, and it isn't specifically a PERL question. Some of the answers will be platform dependant, as most webservers will allow you to control user access at the server level, and maintain your session info.

You could use cookies that use time stamp info and some kind of GUID to track valid users w/ a back end Db maintaining all the info.

You should probably take a step back and understand how these concepts work and work together. The answer might present itself.

C-.