The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Double Login on Password Protected Directories

Discussion in 'General Discussion' started by ene, Mar 8, 2004.

  1. ene

    ene Member

    Joined:
    Aug 21, 2003
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Atchison, KS
  2. Webworks1

    Webworks1 Member

    Joined:
    Mar 25, 2003
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    I have noticed the same issue.

    While l know the obvious solution is just using the www, it is an annoying little bug.
     
  3. Webworks1

    Webworks1 Member

    Joined:
    Mar 25, 2003
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Well I did a little digging and found the reason this occurs. This is straight out of the Apache manual:

    Why does it sometimes ask me for my password twice?
    When entering a password-protected web site for the first time, you will occasionally notice that you are asked for your password twice. This may happen immediately after you entered the password the first time, or it may happen when you click on the first link after authenticating the first time.

    This happens for a very simple, but nonetheless confusing, reason, again having to do with the way that the browser caches the login information.

    Login information is stored on the browser based on the authentication realm, specified by the AuthName directive, and by the server name. In this way, the browser can distinguish between the Private authentication realm on one site and on another. So, if you go to a site using one name for the server, and internal links on the server refer to that server by a different name, the browser has no way to know that they are in fact the same server.

    For example, if you were to visit the URL http://example.com/private/, which required authentication, your browser would remember the supplied username and password, associated with the hostname example.com. If, by virtue of an internal redirect, or fully-qualified HTML links in pages, you are then sent to the URL http://www.example.com/private/, even though this is really exactly the same URL, the browser does not know this for sure, and is forced to request the authentication information again, since example.com and www.example.com are not exactly the same hostname. Your browser has no particular way to know that these are the same web site.
     
  4. dogslife

    dogslife Member

    Joined:
    May 29, 2003
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Thank you! I have had several people just this last week ask me about this, and now I can send your find on to them.

    :)
     
Loading...

Share This Page