Hi AndyHope, welcome to WebmasterWorld! :)
I have little experience in this area, never had anything on the web valuable enough to need a password! ;)
Seriously, any chance it's a browser issue? Is it limited to one browser or version of browser? That's the only thing that occurs to me, sorry.
Hopefully some of our regulars will offer some better suggestions. Anyone?
Are you using frames?
It looks perfect to me. I would have to reckon that if it eventually works, then everything is OK on the server end.
Some times things get in caches and the browsers history and the person may have to shut down all their browsers and then reload them. This happens if they enter the username or password wrong. I have customers all the time that enter the information in all upper case, etc. Be sure to them it is case sensitive.
|When users try to access this directory they have to enter the username/password 2 or sometimes 3 times in order to gain access. |
Well, if they enter the wrong password, yes... but this is about users who enter the correct username/password over and over again, after only requesting one page.
It's actually quite common on frame based sites that users get prompted for username/password more than once.
Your right of course, but I have customers that enter the wrong stuff and say the are entering the right stuff, and I can only check to see the username in the log not the password. They enter (1) for (l) and uppercase 'O' for zero (0).
Are there any other .htaccess directives which will apply to the page they are trying to access when they log in? For example, if the page requiring authorization is actually script-generated, and an external redirect (301 or 302) is invoked to redirect from this "virtual html page" to the script, then a second login will be required.
Another example would be if the users access [example.com...] and the server is set up to 301 redirect to [[b][...] In this case the authorization may be triggered before the redirect takes place. The redirect will then force a second round of authorization.
Do your raw access logs give any hints?
Why you might get three authorization required transactions, I have no idea!
Do you ever have to enter the username and password more than once? Are there differences in the browsers being used? The answer to this may point in the right direction.
Thanks to all those who replied.
Special thanks to jdMorgan who put me on the right track. The URL in question was being automatically re-directed by Apache which explains the two authorisation requests.
I have modified the link in question so that no re-direction is required and bingo - I only have to enter the username/password once.