Simple javascript application to set a cookie. That cookie is checked by apache to authenticate the user. Sometimes basic- oder digest-auth don't work (for example when the application makes some special Javascript-XHR-Requests). Cookies are sent anyway, this is the part for the apache config:

	# Check for token-cookie
	RewriteEngine On
	RewriteRule "^/\." "-" [last]
	# If cookie is set just pass through
	RewriteCond "%{HTTP_COOKIE}" "(?:^|\W)__Host-auth-token=YOUR_TOKEN_PASSWORD(?:\W|$)"
	RewriteRule ".*" "-" [last]
	# Last, if nothing is given, redirect to input
	RewriteRule ".*" "/.token-auth/" [last,redirect=303]