Welcome to WebmasterWorld Guest from 54.167.86.211

Forum Moderators: bakedjake

Message Too Old, No Replies

Prompted Twice for Password from Protected Directory

     
9:44 pm on Dec 6, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:Aug 12, 2005
posts:411
votes: 0


Hello,

I am using a linux server, and I password protect a directory by using two files located in that directory:

.htaccess
.htpasswd

The directory currently is password protected, but when being prompted for my password, I am prompted twice.

I am prompted twice on different computers, operating systems and browsers.

Any ideas? Being prompted twice can be annoying.

Here's what my files look like:

.htaccess:

AuthUserFile /folder_path/folder_name/.htpasswd
AuthName "Login Required"
AuthType Basic
require valid-user

.htpasswd:

user1:coded_password1
user2:coded_password2
user3:coded_password3
user4:coded_password4

4:49 pm on Dec 8, 2006 (gmt 0)

Senior Member

joined:Jan 27, 2003
posts:2534
votes: 0


A couple of possibilities:

- Is the directory protected by another mechanism?
- Is there any redirect after you enter the first password (see apache.org [httpd.apache.org])?

3:30 am on Dec 9, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 31, 2003
posts:1316
votes: 0


Or are there two .htaccess files? Maybe one in /folder_path, and another in /folder_path/folder_name?
8:08 pm on Dec 9, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 27, 2001
posts:2547
votes: 0


I think mcavic probably nailed it.
Also, .htpasswd should not be in a web directory. It should be in /home/you/passwords/ for example but not /home/you/public_html/foo/
11:02 pm on Dec 9, 2006 (gmt 0)

New User

10+ Year Member

joined:Aug 30, 2005
posts:37
votes: 0


The password file should be above your webroot if you can.
The reason you are prompted twice for a password is probably because you are requesting www.foo.com and not www.foo.com/.

Putting that forward slash on the end makes all the difference.

11:13 pm on Dec 9, 2006 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 31, 2003
posts:1316
votes: 0


requesting www.foo.com and not www.foo.com/

That would result in two requests to the server, but the browser should remember the password and only prompt the user once.
10:04 pm on Dec 10, 2006 (gmt 0)

New User

10+ Year Member

joined:Aug 30, 2005
posts:37
votes: 0


It may be just my browser or server setup then, but adding the trailing slash on a couple of links to a password protected directory certainly stopped double prompting for passwords in my case.
9:32 am on Dec 13, 2006 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:10544
votes: 8


could you possibly have another .htaccess file in another directory being accessed by (for example) css files or images on that page?
this may cause another authorization attempt.
if so, the AuthName directive is the "authorization realm for a directory" and i believe it's value must match the one in the root directory's .htaccess file.
you can see the text string for the authorization realm in the login screen.
10:19 am on Dec 13, 2006 (gmt 0)

New User

5+ Year Member

joined:Mar 24, 2006
posts:10
votes: 0


I had this problem once and the answer anoyed me:

If you're doing a redirect to a https:// url,
both http:// and https:// require separate auth from the user.

In this case the user will be prompted with the auth dialog twice.

Sean K.

11:16 am on Dec 14, 2006 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts: 10544
votes: 8


DataG, you can usually solve that problem by using relative path names, so it picks up the protocol and host from the request string.
11:46 am on Dec 14, 2006 (gmt 0)

Junior Member

5+ Year Member

joined:Aug 28, 2006
posts:144
votes: 0


mcavic, perhaps it should but it doesn't... At least not for me.

If i request a directory without the / i get prompted twice too, no matter what. Although it might be the settings, i use a pretty strict IE6. If i enter the login, and make it remember, it will record the info for the dir and dir/ separately too...

... on another note, ( and another site ) there's a separate .htaccess in the domain root doing redirects and ever since it's in place ( from /default.html to / ) the server would request the password for dir and dir/ all the same, except... it would show a 404 for the first request. ( i'm pretty lame with .htaccess )

3:57 pm on Dec 15, 2006 (gmt 0)

Preferred Member

10+ Year Member

joined:Aug 12, 2005
posts:411
votes: 0


Thank you everyone for helping.

Sorry, it took a while to reply but I was trying to learn the absolute path of the level above my public html so I could move my files there.

Once I moved the passwords file up to that level as suggested it seems to work fine now, but I need to do some more testing.

Thanks everyone for all your help!

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members