homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

.htaccess multiple authorisation requests

 10:17 am on Apr 28, 2003 (gmt 0)


I've been using the .htaccess method to prevent unauthorised access to certain directories for years with no problems.

However, just lately I added a .htaccess file to a directory.

AuthUserFile /www/conf/.htpasswd
AuthGroupFile /dev/null
AuthName admin
AuthType Basic

<Limit GET POST>
require user wcadmin


When users try to access this directory they have to enter the username/password 2 or sometimes 3 times in order to gain access.

Any ideas as to what's happening?



 4:32 am on Apr 30, 2003 (gmt 0)

Hi AndyHope, welcome to WebmasterWorld! :)

I have little experience in this area, never had anything on the web valuable enough to need a password! ;)

Seriously, any chance it's a browser issue? Is it limited to one browser or version of browser? That's the only thing that occurs to me, sorry.

Hopefully some of our regulars will offer some better suggestions. Anyone?


 4:40 am on Apr 30, 2003 (gmt 0)

Are you using frames?


 4:43 am on Apr 30, 2003 (gmt 0)


It looks perfect to me. I would have to reckon that if it eventually works, then everything is OK on the server end.

Some times things get in caches and the browsers history and the person may have to shut down all their browsers and then reload them. This happens if they enter the username or password wrong. I have customers all the time that enter the information in all upper case, etc. Be sure to them it is case sensitive.


 4:47 am on Apr 30, 2003 (gmt 0)

When users try to access this directory they have to enter the username/password 2 or sometimes 3 times in order to gain access.

Well, if they enter the wrong password, yes... but this is about users who enter the correct username/password over and over again, after only requesting one page.

It's actually quite common on frame based sites that users get prompted for username/password more than once.


 4:51 am on Apr 30, 2003 (gmt 0)

Your right of course, but I have customers that enter the wrong stuff and say the are entering the right stuff, and I can only check to see the username in the log not the password. They enter (1) for (l) and uppercase 'O' for zero (0).


 5:09 am on Apr 30, 2003 (gmt 0)


Are there any other .htaccess directives which will apply to the page they are trying to access when they log in? For example, if the page requiring authorization is actually script-generated, and an external redirect (301 or 302) is invoked to redirect from this "virtual html page" to the script, then a second login will be required.

Another example would be if the users access [example.com...] and the server is set up to 301 redirect to [[b][...] In this case the authorization may be triggered before the redirect takes place. The redirect will then force a second round of authorization.

Do your raw access logs give any hints?

Why you might get three authorization required transactions, I have no idea!



 5:17 am on Apr 30, 2003 (gmt 0)


Do you ever have to enter the username and password more than once? Are there differences in the browsers being used? The answer to this may point in the right direction.


 7:44 am on Apr 30, 2003 (gmt 0)

Thanks to all those who replied.

Special thanks to jdMorgan who put me on the right track. The URL in question was being automatically re-directed by Apache which explains the two authorisation requests.

I have modified the link in question so that no re-direction is required and bingo - I only have to enter the username/password once.

Thanks again.


Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved