floriankramer
commented
4 years ago A possible alternative might be setting an auth cookie. A user connecting to index.html with the valid key would receive an auth token which would then be stored in a cookie and allow access to the remainder of the page. This could lead to issued with loading resources though. Potentially, a separate start page and a redirect would be required.
With uids having been made public they are no longer sufficient for permissions management.