02-22-2008, 09:55 PM
#8
The Addict
To extend on what I said, a .url file with the following would suit your purposes:
Quote:
[InternetShortcut]
URL=http://site.com/?hash=somethingextremelylongherethatisn'tlikelytobeguessed

Have the hash checked against the database and that's it. I would recommend hashing some bit of data that isn't known to the user or any other person for that matter. For instance, if you happen to store the last known login time for non-user-related purposes (like logs), then hash that and store it within the .url. Even then, a hacker who got into your database would not even need to go through the rainbow table process to crack the user's account; they'd simply copy the hash value into their own .url file and click to log in, and there's no verification you can add to check others, because if you ask for their real name, then it's right there in the database records. Asking for a question to answer to verify would defeat the purpose of the .url file.
So in essence, what I am trying to say is - Don't do it.
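The replay problem described in the post above, shown next to a variant that stores only a digest of a random token. This is an added example, not part of the original post; the function names, the in-memory dicts standing in for the database, and the site.example URL are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def login_naive(db, presented):
    """Design from the post: the URL value is compared directly with the stored value."""
    for user, stored in db.items():
        if hmac.compare_digest(stored, presented):
            return user
    return None

def issue_token(db, user):
    """Generate a random token and store only its SHA-256 digest."""
    token = secrets.token_urlsafe(32)
    db[user] = hashlib.sha256(token.encode()).hexdigest()
    return token  # goes into the .url file, never into the database

def shortcut_file(token, base="https://site.example/"):
    """Build the .url file body (hypothetical host, constructed for the example)."""
    return f"[InternetShortcut]\nURL={base}?hash={token}\n"

def login_hardened(db, presented):
    """Hash the presented token before comparing, so a stored value is not a credential."""
    digest = hashlib.sha256(presented.encode()).hexdigest()
    for user, stored in db.items():
        if hmac.compare_digest(stored, digest):
            return user
    return None

if __name__ == "__main__":
    # Constructed sample data: hash of a last-login timestamp, as the post suggests.
    naive_db = {"alice": hashlib.sha256(b"2008-02-22 21:55:00").hexdigest()}
    leaked = naive_db["alice"]                 # value read from a copied database
    print("naive, leaked DB value:", login_naive(naive_db, leaked))

    hardened_db = {}
    token = issue_token(hardened_db, "alice")
    print(shortcut_file(token))
    print("hardened, real token:", login_hardened(hardened_db, token))
    print("hardened, leaked DB value:", login_hardened(hardened_db, hardened_db["alice"]))
```

The .url file itself remains a bearer credential in both variants: anyone who obtains a copy of the file can log in with it.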