Welcome to WebmasterWorld Guest from 54.196.144.100

Forum Moderators: bakedjake

Message Too Old, No Replies

Prompted Twice for Password from Protected Directory

     

Jeremy_H

9:44 pm on Dec 6, 2006 (gmt 0)

5+ Year Member



Hello,

I am using a linux server, and I password protect a directory by using two files located in that directory:

.htaccess
.htpasswd

The directory currently is password protected, but when being prompted for my password, I am prompted twice.

I am prompted twice on different computers, operating systems and browsers.

Any ideas? Being prompted twice can be annoying.

Here's what my files look like:

.htaccess:

AuthUserFile /folder_path/folder_name/.htpasswd
AuthName "Login Required"
AuthType Basic
require valid-user

.htpasswd:

user1:coded_password1
user2:coded_password2
user3:coded_password3
user4:coded_password4

Receptional Andy

4:49 pm on Dec 8, 2006 (gmt 0)



A couple of possibilities:

- Is the directory protected by another mechanism?
- Is there any redirect after you enter the first password (see apache.org [httpd.apache.org])?

mcavic

3:30 am on Dec 9, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Or are there two .htaccess files? Maybe one in /folder_path, and another in /folder_path/folder_name?

physics

8:08 pm on Dec 9, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I think mcavic probably nailed it.
Also, .htpasswd should not be in a web directory. It should be in /home/you/passwords/ for example but not /home/you/public_html/foo/

Citrus

11:02 pm on Dec 9, 2006 (gmt 0)

5+ Year Member



The password file should be above your webroot if you can.
The reason you are prompted twice for a password is probably because you are requesting www.foo.com and not www.foo.com/.

Putting that forward slash on the end makes all the difference.

mcavic

11:13 pm on Dec 9, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



requesting www.foo.com and not www.foo.com/

That would result in two requests to the server, but the browser should remember the password and only prompt the user once.

Citrus

10:04 pm on Dec 10, 2006 (gmt 0)

5+ Year Member



It may be just my browser or server setup then, but adding the trailing slash on a couple of links to a password protected directory certainly stopped double prompting for passwords in my case.

phranque

9:32 am on Dec 13, 2006 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



could you possibly have another .htaccess file in another directory being accessed by (for example) css files or images on that page?
this may cause another authorization attempt.
if so, the AuthName directive is the "authorization realm for a directory" and i believe it's value must match the one in the root directory's .htaccess file.
you can see the text string for the authorization realm in the login screen.

DataG

10:19 am on Dec 13, 2006 (gmt 0)

5+ Year Member



I had this problem once and the answer anoyed me:

If you're doing a redirect to a https:// url,
both http:// and https:// require separate auth from the user.

In this case the user will be prompted with the auth dialog twice.

Sean K.

phranque

11:16 am on Dec 14, 2006 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



DataG, you can usually solve that problem by using relative path names, so it picks up the protocol and host from the request string.

photopassjapan

11:46 am on Dec 14, 2006 (gmt 0)

5+ Year Member



mcavic, perhaps it should but it doesn't... At least not for me.

If i request a directory without the / i get prompted twice too, no matter what. Although it might be the settings, i use a pretty strict IE6. If i enter the login, and make it remember, it will record the info for the dir and dir/ separately too...

... on another note, ( and another site ) there's a separate .htaccess in the domain root doing redirects and ever since it's in place ( from /default.html to / ) the server would request the password for dir and dir/ all the same, except... it would show a 404 for the first request. ( i'm pretty lame with .htaccess )

Jeremy_H

3:57 pm on Dec 15, 2006 (gmt 0)

5+ Year Member



Thank you everyone for helping.

Sorry, it took a while to reply but I was trying to learn the absolute path of the level above my public html so I could move my files there.

Once I moved the passwords file up to that level as suggested it seems to work fine now, but I need to do some more testing.

Thanks everyone for all your help!