Private area with ACL by user type

[realgpp]

I'm wondering what's the best solution to implement a private area accessibile only by registration/login. Assuming the client wants different pages in private area, with different tree accessible based on the user type, is it possible to use the AEM login features? If so i would set ACL of pages according to different user groups. I see cif sets a cookie but how this cookie can be combined with cookie set by AEM login?

If any kind of documentation is available please suggest, i didn't find any regarding this matter.