When the user enters a page or post password WordPress sets wp_postpass_XXXX cookie:
Use chrome://settings/cookies/detail?site=developernote.com to see the cookies in Google Chrome browser.
I installed Post Password Token plugin that sets this cookie with the following code:
function ppt_set_cookie($post_password) {
global $token, $wp_version;
setcookie(PPT_COOKIE.COOKIEHASH, $token, null, COOKIEPATH);
$redirect_uri = 'http' . (is_ssl() ? 's' : '') . '://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
if (version_compare($wp_version, '3.3', '<=')) {
// legacy cookie
setcookie('wp-postpass_' . COOKIEHASH, $post_password, time() + 864000, COOKIEPATH);
wp_redirect($redirect_uri);
}
else {
// hashed cookie
global $wp_hasher;
if (empty($wp_hasher)) {
require_once( ABSPATH . 'wp-includes/class-phpass.php' );
// By default, use the portable hash from phpass
$wp_hasher = new PasswordHash(8, true);
}
setcookie('wp-postpass_' . COOKIEHASH, $wp_hasher->HashPassword(stripslashes($post_password)), time() + 864000, COOKIEPATH);
wp_safe_redirect($redirect_uri);
}
exit;
}
also it sets its own cookie wp-post-token_XXXX.
The plugin makes password protected posts and pages accessible with a direct link. It was not updated for a long time, but looks like it works somehow.