Why not using "Basic" authentication?
Then you could use the supplied username as a session key...