When the user enters a page or post password WordPress sets wp_postpass_XXXX
cookie:

Use chrome://settings/cookies/detail?site=developernote.com
to see the cookies in Google Chrome browser.
I installed Post Password Token plugin that sets this cookie with the following code:
function ppt_set_cookie($post_password) { global $token, $wp_version; setcookie(PPT_COOKIE.COOKIEHASH, $token, null, COOKIEPATH); $redirect_uri = 'http' . (is_ssl() ? 's' : '') . '://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']; if (version_compare($wp_version, '3.3', '<=')) { // legacy cookie setcookie('wp-postpass_' . COOKIEHASH, $post_password, time() + 864000, COOKIEPATH); wp_redirect($redirect_uri); } else { // hashed cookie global $wp_hasher; if (empty($wp_hasher)) { require_once( ABSPATH . 'wp-includes/class-phpass.php' ); // By default, use the portable hash from phpass $wp_hasher = new PasswordHash(8, true); } setcookie('wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword(stripslashes($post_password)), time() + 864000, COOKIEPATH); wp_safe_redirect($redirect_uri); } exit; }
also it sets its own cookie wp-post-token_XXXX
.
The plugin makes password protected posts and pages accessible with a direct link. It was not updated for a long time, but looks like it works somehow.