in reply to
CGI::Application::Authentication and Static Pages
there is also the possiblity to work with perlauthenhandler.
This way you are able to write your own authentication mechanism, based on cookies or whatever.
I don't know however if this possibility is suitable for you, since you write about some limitations.