Just in case you’re not familiar with the basics, I suggest you read James Fairhurst’s and teknoid’s posts first. It’s good stuff, but it doesn’t work for Auth messages because you can’t specify parameters when Auth calls $this->Session->setFlash().
So I decided to ignore the phase where you set the flash message and hack the phase where the message is being printed. I created a custom helper and extended/overrode SessionHelper.