KK wrote: We'll have to convert it to some kind of token based authentication to make things work.
What a nice, interesting thread here
I have just read about this t-b-a and found, that token is passed to the destination url, probably similar to a http.get parameter. If so, tokens (md5 hash over username and time) can be created as clonable pages and url validated against the scope of existing tokens. Am I on the right track?