PHP and htpasswd

Question

I have a structure like this:

/home
/home/dir1
/home/dir2

Now when someone goes to /home, he is asked for username and password (in a form) and I set session information in PHP for the remaining files of /home. Now /home/dir1 and /home/dir2 are protected by htpasswd but the same username and password. I dont want the user to re-enter their username and password again when they go to /home/dir1... Also when I logout from /home, I want to logout from /home/dir1 also. Can you please advice on how to achieve this?

Answer 1

This should be the default behaviour.

That is, if you are using Apache and .htaccess files to set up HTTP authentication, any rules you apply to a directory will also apply to its child directories, and it will be treated by the browser as all one login.

If you want it to act differently, ie if you wanted some sections of the site to be treated as requiring a completely separate login, you would specify a 'realm' for each section using the AuthName directive in .htaccess. More information here. However, if you don't do that, it will always be treated as all part of the same login.

The thing about HTTP authentication is that there is no way to 'log out', at least not unless the browser provides that feature. The only way most browsers will allow you to log you out is by ending the browser session (ie closing the browser). And yes, once you do this, you'll be logged out of /home, /home/dir1, /home/dir2 and all directories on all sites/realms.

Answer 2

In Apache as long as both folders have the same AuthName and are on the same site they should share a password.

Both directories might have a .htaccess file like so:

AuthName "My Protect Folder"
AuthType basic
AuthUserFile /somewhere/htusers
require valid-user