http://www.perlmonks.org?node_id=262830

belize has asked for the wisdom of the Perl Monks concerning the following question:

I've protected a directory of a website that is secured with .htaccess. Inside that directory I have a number of pages and cgi's (forums, downloads, etc.) that only members should be able to access.

Access works fine, but the problem is that each time a new linked within the directory is followed, the members have to re-enter the password and username, instead of only having to enter it once and then have complete access to the directory and subdirectories throughout their session.

I thought that htaccess writes a cookie when the correct username and password are entered. What am I missing?

Replies are listed 'Best First'.
Re: Creating a protected area of website
by arthas (Hermit) on Jun 03, 2003 at 23:18 UTC

    .htaccess authentication doesn't use cookies: the browser sends the password to the client againa t every page request in the protected directory or subdirectory of that. Usually, the user only has to enter the password one, and that's the behavior I notice on my web server with all the browsers I use (Mozilla, and rarely MSIE but it works).

    Maybe it's a particular problem of your browser, or you need to tweak your server's configuration.

    Michele.

      In theory then, if I use htaccess in the root directory, the user should only have to login one time and then be able to browse about the website without having to enter the password again? Not happening though I have used MSIE and Mozilla on PC's and Macs.

      Is this the typical way to password protect an entire website? If so, is there some configuration that would produce this kind behavior?

        The password is entered every single time. Its just that your browser remembers the password after the first time you type it in successfully and enters it automatically. For more information than you really want on how authentication works, go read RFC 2617.

Re: Creating a protected area of website
by allolex (Curate) on Jun 04, 2003 at 06:24 UTC

    Have you double-checked your AuthName in each of the directories? It has to be the same since Apache is capable of defining any number of "areas" where separate authentication is required. The authentication info is stored (AFAIK) in browser memory, not in a cookie.

    Also have a look at the Apache mailing lists since this is, like the others have said, not really a Perl question.

    --
    Allolex

      Thanks Allolex, the perfect response for me. Will follow up your suggestions.

      I still don't understand why questions of permissions/authentication/security don't belong in a Perl forum as I've run into all three problems while coding, but I will take PerlMonks word for it as I am a relative new comer/amateur at coding perl.

        Well, since you asked... ;)

        There are a lot of areas where different skills overlap. In order to run a web server, you might have to have knowledge about server software, HTML, and a language for creating dynamic content. I guess it's safe to say that most residents of the Perl Monestary are working toward making this site really good for the Perl programming language, with excellent and/or productive advice at every turn. The monks want to avoid giving mediocre advice on other areas.

        More specifically for you, setting up your server correctly with Apache authentication is a prerequisite to running Perl on your server (If I guessed right about your motivation.), but it has to do with the ins and outs of Apache. If you had asked how to set up authentication using Perl and CGI, you would have gotten a completely different response. Have a look at this node. (Then again because that node already has some really good answers, you probably would have been told to use Super Search, look at the Tutorials, and have a look at jeffa's node "How (Not) To Ask A Question".)

        --
        Allolex

Re: Creating a protected area of website
by TomDLux (Vicar) on Jun 03, 2003 at 23:24 UTC

    Stupid question, but why are you asking this at a perl website? Maybe someone will give you the correct information, maybe you'll have to wait a few days to get it.

    Why don't you go looking at the Apache web site? You're much more likely to find the correct information there.

    A reply falls below the community's threshold of quality. You may see it by logging in.