That is the correct URL to use, and since it doesn't start with "httpS", a security token shouldn't be involved. That is the extent of my knowledge on the matter.
Someone with more "token" knowledge have any ideas?
Can you try a different browser to see if you get the same problem? It might be a cookie problem, so deleting cookies is never a bad idea.