#1170 changed the way basic auth works so that it creates a proper login session, which is fine for when a human user is prompted for password via basic auth, but basic auth was mainly intended to be used by scripts etc (replication being a notable example) which do not keep track of cookies in general and definitely do not remember them for any period of time.
Now replicated sites collect rows to the session table at the same rate as they do replication operations on objects, this is not good.
So we need some sort of marker (preferably one that can be specified also via GET/POST variables) that indicates that no session should be created in this case.
