The Non authenticated access for internal IPs, Authenticated for external IPs section of the mod_perl guide's chapter on security may help. It provides code which, using PerlAuthenHandler and PerlAccessHandler, lets you make your own callbacks for those Apache phases.

The example passes users based on their IP addresses. If you wanted to use a cookie you might be able to do this with Apache::AuthCookie. I haven't done these things but would be interested to see how your work goes.