A couple of possibilities:
- Is the directory protected by another mechanism?
- Is there any redirect after you enter the first password (see apache.org [httpd.apache.org])?
Or are there two .htaccess files? Maybe one in /folder_path, and another in /folder_path/folder_name?
I think mcavic probably nailed it.
Also, .htpasswd should not be in a web directory. It should be in /home/you/passwords/ for example but not /home/you/public_html/foo/
The password file should be above your webroot if you can.
The reason you are prompted twice for a password is probably because you are requesting www.foo.com and not www.foo.com/.
Putting that forward slash on the end makes all the difference.
|requesting www.foo.com and not www.foo.com/ |
That would result in two requests to the server, but the browser should remember the password and only prompt the user once.
It may be just my browser or server setup then, but adding the trailing slash on a couple of links to a password protected directory certainly stopped double prompting for passwords in my case.
could you possibly have another .htaccess file in another directory being accessed by (for example) css files or images on that page?
this may cause another authorization attempt.
if so, the AuthName directive is the "authorization realm for a directory" and i believe it's value must match the one in the root directory's .htaccess file.
you can see the text string for the authorization realm in the login screen.
I had this problem once and the answer anoyed me:
If you're doing a redirect to a https:// url,
both http:// and https:// require separate auth from the user.
In this case the user will be prompted with the auth dialog twice.
DataG, you can usually solve that problem by using relative path names, so it picks up the protocol and host from the request string.
mcavic, perhaps it should but it doesn't... At least not for me.
If i request a directory without the / i get prompted twice too, no matter what. Although it might be the settings, i use a pretty strict IE6. If i enter the login, and make it remember, it will record the info for the dir and dir/ separately too...
... on another note, ( and another site ) there's a separate .htaccess in the domain root doing redirects and ever since it's in place ( from /default.html to / ) the server would request the password for dir and dir/ all the same, except... it would show a 404 for the first request. ( i'm pretty lame with .htaccess )
Thank you everyone for helping.
Sorry, it took a while to reply but I was trying to learn the absolute path of the level above my public html so I could move my files there.
Once I moved the passwords file up to that level as suggested it seems to work fine now, but I need to do some more testing.
Thanks everyone for all your help!