Welcome to WebmasterWorld Guest from 54.166.227.36

Forum Moderators: bakedjake

Message Too Old, No Replies

Prompted Twice for Password from Protected Directory

     
9:44 pm on Dec 6, 2006 (gmt 0)

5+ Year Member



Hello,

I am using a linux server, and I password protect a directory by using two files located in that directory:

.htaccess
.htpasswd

The directory currently is password protected, but when being prompted for my password, I am prompted twice.

I am prompted twice on different computers, operating systems and browsers.

Any ideas? Being prompted twice can be annoying.

Here's what my files look like:

.htaccess:

AuthUserFile /folder_path/folder_name/.htpasswd
AuthName "Login Required"
AuthType Basic
require valid-user

.htpasswd:

user1:coded_password1
user2:coded_password2
user3:coded_password3
user4:coded_password4

4:49 pm on Dec 8, 2006 (gmt 0)



A couple of possibilities:

- Is the directory protected by another mechanism?
- Is there any redirect after you enter the first password (see apache.org [httpd.apache.org])?

3:30 am on Dec 9, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Or are there two .htaccess files? Maybe one in /folder_path, and another in /folder_path/folder_name?
8:08 pm on Dec 9, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I think mcavic probably nailed it.
Also, .htpasswd should not be in a web directory. It should be in /home/you/passwords/ for example but not /home/you/public_html/foo/
11:02 pm on Dec 9, 2006 (gmt 0)

5+ Year Member



The password file should be above your webroot if you can.
The reason you are prompted twice for a password is probably because you are requesting www.foo.com and not www.foo.com/.

Putting that forward slash on the end makes all the difference.

11:13 pm on Dec 9, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



requesting www.foo.com and not www.foo.com/

That would result in two requests to the server, but the browser should remember the password and only prompt the user once.
10:04 pm on Dec 10, 2006 (gmt 0)

5+ Year Member



It may be just my browser or server setup then, but adding the trailing slash on a couple of links to a password protected directory certainly stopped double prompting for passwords in my case.
9:32 am on Dec 13, 2006 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



could you possibly have another .htaccess file in another directory being accessed by (for example) css files or images on that page?
this may cause another authorization attempt.
if so, the AuthName directive is the "authorization realm for a directory" and i believe it's value must match the one in the root directory's .htaccess file.
you can see the text string for the authorization realm in the login screen.
10:19 am on Dec 13, 2006 (gmt 0)

5+ Year Member



I had this problem once and the answer anoyed me:

If you're doing a redirect to a https:// url,
both http:// and https:// require separate auth from the user.

In this case the user will be prompted with the auth dialog twice.

Sean K.

11:16 am on Dec 14, 2006 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



DataG, you can usually solve that problem by using relative path names, so it picks up the protocol and host from the request string.
11:46 am on Dec 14, 2006 (gmt 0)

5+ Year Member



mcavic, perhaps it should but it doesn't... At least not for me.

If i request a directory without the / i get prompted twice too, no matter what. Although it might be the settings, i use a pretty strict IE6. If i enter the login, and make it remember, it will record the info for the dir and dir/ separately too...

... on another note, ( and another site ) there's a separate .htaccess in the domain root doing redirects and ever since it's in place ( from /default.html to / ) the server would request the password for dir and dir/ all the same, except... it would show a 404 for the first request. ( i'm pretty lame with .htaccess )

3:57 pm on Dec 15, 2006 (gmt 0)

5+ Year Member



Thank you everyone for helping.

Sorry, it took a while to reply but I was trying to learn the absolute path of the level above my public html so I could move my files there.

Once I moved the passwords file up to that level as suggested it seems to work fine now, but I need to do some more testing.

Thanks everyone for all your help!

 

Featured Threads

Hot Threads This Week

Hot Threads This Month