Each session is private and can be accessed only through its unique URL, which contains a non-guessable random string. Would you still be interested in locking with a password? Can you please describe a use-case?