homepage Welcome to WebmasterWorld Guest from 54.197.94.241
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
Forum Library, Charter, Moderators: bakedjake

Linux, Unix, and *nix like Operating Systems Forum

    
Prompted Twice for Password from Protected Directory
Jeremy_H




msg:3180573
 9:44 pm on Dec 6, 2006 (gmt 0)

Hello,

I am using a linux server, and I password protect a directory by using two files located in that directory:

.htaccess
.htpasswd

The directory currently is password protected, but when being prompted for my password, I am prompted twice.

I am prompted twice on different computers, operating systems and browsers.

Any ideas? Being prompted twice can be annoying.

Here's what my files look like:

.htaccess:

AuthUserFile /folder_path/folder_name/.htpasswd
AuthName "Login Required"
AuthType Basic
require valid-user

.htpasswd:

user1:coded_password1
user2:coded_password2
user3:coded_password3
user4:coded_password4

 

Receptional Andy




msg:3182629
 4:49 pm on Dec 8, 2006 (gmt 0)

A couple of possibilities:

- Is the directory protected by another mechanism?
- Is there any redirect after you enter the first password (see apache.org [httpd.apache.org])?

mcavic




msg:3183125
 3:30 am on Dec 9, 2006 (gmt 0)

Or are there two .htaccess files? Maybe one in /folder_path, and another in /folder_path/folder_name?

physics




msg:3183793
 8:08 pm on Dec 9, 2006 (gmt 0)

I think mcavic probably nailed it.
Also, .htpasswd should not be in a web directory. It should be in /home/you/passwords/ for example but not /home/you/public_html/foo/

Citrus




msg:3183909
 11:02 pm on Dec 9, 2006 (gmt 0)

The password file should be above your webroot if you can.
The reason you are prompted twice for a password is probably because you are requesting www.foo.com and not www.foo.com/.

Putting that forward slash on the end makes all the difference.

mcavic




msg:3183924
 11:13 pm on Dec 9, 2006 (gmt 0)

requesting www.foo.com and not www.foo.com/

That would result in two requests to the server, but the browser should remember the password and only prompt the user once.

Citrus




msg:3184529
 10:04 pm on Dec 10, 2006 (gmt 0)

It may be just my browser or server setup then, but adding the trailing slash on a couple of links to a password protected directory certainly stopped double prompting for passwords in my case.

phranque




msg:3187209
 9:32 am on Dec 13, 2006 (gmt 0)

could you possibly have another .htaccess file in another directory being accessed by (for example) css files or images on that page?
this may cause another authorization attempt.
if so, the AuthName directive is the "authorization realm for a directory" and i believe it's value must match the one in the root directory's .htaccess file.
you can see the text string for the authorization realm in the login screen.

DataG




msg:3187243
 10:19 am on Dec 13, 2006 (gmt 0)

I had this problem once and the answer anoyed me:

If you're doing a redirect to a https:// url,
both http:// and https:// require separate auth from the user.

In this case the user will be prompted with the auth dialog twice.

Sean K.

phranque




msg:3188491
 11:16 am on Dec 14, 2006 (gmt 0)

DataG, you can usually solve that problem by using relative path names, so it picks up the protocol and host from the request string.

photopassjapan




msg:3188525
 11:46 am on Dec 14, 2006 (gmt 0)

mcavic, perhaps it should but it doesn't... At least not for me.

If i request a directory without the / i get prompted twice too, no matter what. Although it might be the settings, i use a pretty strict IE6. If i enter the login, and make it remember, it will record the info for the dir and dir/ separately too...

... on another note, ( and another site ) there's a separate .htaccess in the domain root doing redirects and ever since it's in place ( from /default.html to / ) the server would request the password for dir and dir/ all the same, except... it would show a 404 for the first request. ( i'm pretty lame with .htaccess )

Jeremy_H




msg:3189608
 3:57 pm on Dec 15, 2006 (gmt 0)

Thank you everyone for helping.

Sorry, it took a while to reply but I was trying to learn the absolute path of the level above my public html so I could move my files there.

Once I moved the passwords file up to that level as suggested it seems to work fine now, but I need to do some more testing.

Thanks everyone for all your help!

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved