Reply to Please consider a token based solution.


Acuatally this is already implemented. There is a token based authentication called TUID. You see this in the notification mail links for changing user profile. So the url would be:


The reason I did prefer the http authentication was security: Actually the token is a valid username/password key and it would not only be transmitted without encryption. But it would also be stored in many log files. Of cause we could let the user decide, how much security is appropriate.

Another, much more complex solution would be to generate special tokens to viewing only.
But this would a lot of code.