part of creating the double opt in system is to create the Validated Email access rule.
use that access rule for any show if behaviors that should only show for validated email users and for any page access restrictions for pages that should only be viewed by users with a validated email address.
basically the auto login will only pass the standard Logged into <your users table> access rule, but it wont be able to pass the validated email access rule.