[thelist] Usability of .htaccess for passwd protection
Eric Cestari
eric at ohmforce.com
Tue Feb 20 05:27:23 CST 2001
Hi Tony,
See my answers below,
Tony Grimes wrote:
>
> Hi guys,
> I'm thinking of using .htaccess to password protect a download
> directory on a server that's running Apache. I'm worried about the
> usability of this method. Will the user have to re-enter the password
> everytime he/she tries to download a file from the directory?
No, the user will only enter it once. authentication will be sent back
by the browser automatically in the header.
As long as the user does not quit his/her browser, no need for more
authentication.
> What if they
> explore the rest of the site (that's not protected) and come back to the
> protected directory later?
See above :)
> If so, is there a way to use cookies in
> combination with the .htaccess file without using a separate password
> protection script?
Well it is quite independent. But cookies can be used to achieve the
same goal.
Cookies (or more broadly sessions) are often used for authentication
because they provide a more flexible way to protect data. (it is used on
a per-file basis, whereas .htaccess is per-directory)
>TIA
>
> .tony
Eric
--
==================================+========================
Eric Cestari | Ohm Force
Chief Web Designer | Digital Audio Software
mailto:eric.cestari at ohmforce.com | http://www.ohmforce.com
==================================+========================
More information about the thelist
mailing list