Uhm, you *are* aware that anyone can get past that by disabling JScript?
No matter what you've heard elsewhere, there is no possible way -- none, nada, zip, no-how -- that you can protect that script from the eyes of others.
With the above caveats in mind:
Instead of simply storing the password in the cookie, you can also store the redirect url -- this implies that you need to store the url in a js file (which makes it more difficult, but not impossible for users to find). Then when a user appears at the site, the code should first look for the cookie, extract both password and url, check the password and simply redirect with a window.location.
Again, if this is a sensitive page, you need cgi, which also isn't absolutely secure, but it does stop an Ivory Soap number of people (99.99%).