Welcome to WebmasterWorld Guest from 54.197.171.28

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

.htaccess multiple authorisation requests

   
10:17 am on Apr 28, 2003 (gmt 0)

10+ Year Member



Hi,

I've been using the .htaccess method to prevent unauthorised access to certain directories for years with no problems.

However, just lately I added a .htaccess file to a directory.
----------------------------------------

AuthUserFile /www/conf/.htpasswd
AuthGroupFile /dev/null
AuthName admin
AuthType Basic

<Limit GET POST>
require user wcadmin
</Limit>

------------------------------------------

When users try to access this directory they have to enter the username/password 2 or sometimes 3 times in order to gain access.

Any ideas as to what's happening?

4:32 am on Apr 30, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi AndyHope, welcome to WebmasterWorld! :)

I have little experience in this area, never had anything on the web valuable enough to need a password! ;)

Seriously, any chance it's a browser issue? Is it limited to one browser or version of browser? That's the only thing that occurs to me, sorry.

Hopefully some of our regulars will offer some better suggestions. Anyone?

4:40 am on Apr 30, 2003 (gmt 0)

WebmasterWorld Senior Member drdoc is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Are you using frames?
4:43 am on Apr 30, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Andy

It looks perfect to me. I would have to reckon that if it eventually works, then everything is OK on the server end.

Some times things get in caches and the browsers history and the person may have to shut down all their browsers and then reload them. This happens if they enter the username or password wrong. I have customers all the time that enter the information in all upper case, etc. Be sure to them it is case sensitive.

4:47 am on Apr 30, 2003 (gmt 0)

WebmasterWorld Senior Member drdoc is a WebmasterWorld Top Contributor of All Time 10+ Year Member



When users try to access this directory they have to enter the username/password 2 or sometimes 3 times in order to gain access.

Well, if they enter the wrong password, yes... but this is about users who enter the correct username/password over and over again, after only requesting one page.

It's actually quite common on frame based sites that users get prompted for username/password more than once.

4:51 am on Apr 30, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Your right of course, but I have customers that enter the wrong stuff and say the are entering the right stuff, and I can only check to see the username in the log not the password. They enter (1) for (l) and uppercase 'O' for zero (0).
5:09 am on Apr 30, 2003 (gmt 0)

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member



AndyHope,

Are there any other .htaccess directives which will apply to the page they are trying to access when they log in? For example, if the page requiring authorization is actually script-generated, and an external redirect (301 or 302) is invoked to redirect from this "virtual html page" to the script, then a second login will be required.

Another example would be if the users access [example.com...] and the server is set up to 301 redirect to [[b][...] In this case the authorization may be triggered before the redirect takes place. The redirect will then force a second round of authorization.

Do your raw access logs give any hints?

Why you might get three authorization required transactions, I have no idea!

Jim

5:17 am on Apr 30, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



AndyHope,

Do you ever have to enter the username and password more than once? Are there differences in the browsers being used? The answer to this may point in the right direction.

7:44 am on Apr 30, 2003 (gmt 0)

10+ Year Member



Thanks to all those who replied.

Special thanks to jdMorgan who put me on the right track. The URL in question was being automatically re-directed by Apache which explains the two authorisation requests.

I have modified the link in question so that no re-direction is required and bingo - I only have to enter the username/password once.

Thanks again.

Andy