Get rid of the _auth hash in URLs
|Reported by:||thomasb||Owned by:||thomasb|
The auth hash which is checked against the string saved in session cookie should be removed. This would make it easier to implement an external login where this hash always has to be included. To enhance security, a second cookie which changes it's value every few minutes should be used.