Home/ Questions/Q 8283901
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T10:54:25+00:00

Might there be a way to set one’s .htaccess file to prompt for authentication

  • 0

Might there be a way to set one’s .htaccess file to prompt for authentication each time? Example: I open a browser tab, go to the pw protected url, I’m prompted for a pw. Close the tab (main browser still open) and repeat the above and be prompted for the pw again. This is not happening unless I close the browser. Maybe this is a caching thing?

Here’s what I have so far:

AuthType Basic
AuthName "myName"
AuthUserFile "/home/myDir/.htpasswds/public_html/myName/passwd"
require valid-user

Thanks in advance.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Actually it is working this way (simplified):

    • browser sends request to your server without credentials
    • Apache responses with 403 error because “require valid-user” was specified
    • browser prompts for username & password
    • browser sends request again, this time credentials are provided
    • Apache verifies credentials against AuthUserFile and sets “valid-user” accordingly
    • if everything is OK – puts out data with 200 status code
    • browser that receives 200 code caches used credentials for the relevant domain until browser session expires

    As you see – problem lays in browser. You cannot force browser to forget password it uses for a domain. And usually you don’t want to – for example if password protected page contains images – browser would require username and password for each downloaded image.

    However there are some tips you could try:

    • you could write your own Apache authorization handler that only authorises user every second time it is accessing the page; but it’s hard to do really
    • you could use some kind of form-based authentication (in script like php or asp.net) instead of relying on http authentication; this way is quite flexible
    • you could do a trick, that every time a protected page is accessed some kind of script changes the password in passwd file; then provide two passwords for each user and switch them on each request; this way browser always remember “wrong” password; it seems crazy but this is an easiest solution I could think of 🙂
    • 0