The only trouble I'd have with that is as the url is displayed in the browser it's like having a textbox always showing on the screen with the admin password in it for anyone passing by. If this is for use by normal users it's also too easy for them to copy/paste the url without realising its signifigance.Other than that if the number is treated correctly it could infact just be considered as a password. Although a quick login form, post, and a cookie would work nicer as it's not displayed on screen anymore. Plus it implies to a user that they should not give out that number.