.htaccess - login popup appears multiple times


I’m fairly new to linux/unix, but I am learning.

I’ve had this issue with php code I’ve written in the past, but I’m now having it with DreamHost’s one-click install program “Trac” - it’s a task tracking software solution.

I manually edited the .htaccess file that was in the Trac directory and added these lines:

AuthUserFile /home/my_user/.htpasswd
AuthType Basic
AuthName "User Login"
Require valid-user

When I go to the Trac website, the Authorization box comes up - I enter my information, but then the box appears again multiple times.

I finally hit “Cancel” which results in the HTML formatting of the page to be incorrect. Once I click on another tab on the site, everything runs fine and the formatting is restored to normal.

In the past, when I used DreamHost’s web panel to automatically set up .htaccess on a directory that I had custom php code for, it usually would work fine on some browsers, but other browsers, I would encounter the same problem, the authorization box would appear for seemingly every asset requested, etc…

What do I need to change so that the Authorization Login box only appears once instead of multiple times?

Any help with this would be greatly appreciated!

Could part of this be due to the fact that below the Trac directory (where the .htaccess has permissions is for) is the logic directory for the python scripts for Trac?

Is there an issue with a directory that is password protected having to access files outside of its protected range?

I have the same problem with WordPress. I set up password protection for the wp-admin directory but then got nothing but 404 Not Found when I logged in. DreamHost Support put a workaround in the root htaccess file and moved some stuff out of it into the htaccess file in wp-admin. That let me log on but all the stylesheet formatting was gone. Next, DreamHost Support moved everything from the main htaccess file into the one in wp-admin.

I now needed to log on three times. Twice in the Authorization box, then I’m taken to the WordPress logon. And sometimes, as you say, at other times while I’m already logged on seemingly at random. This worked OKl (except for having to log on three times and the WordPress SuperCache plugin no longer worked) until I made a new post or updated one. WordPress would automatically generate a new htaccess file in the root for the WordPress rules. When that happens, I am back to no formatting and 404 Not Found.

I finally discovered that I needed to add error handling to the wp-admin htaccess file. I was then able to move the WordPress and SuperCache rules back into the root htaccess file. The line I added to the top of the htaccess file in wp-admin is
ErrorDocument 401 default

After that WordPress worked normally but I still have to log on three times. DreamHost said that it had to be that way because I’m using password protection. It is annoying but I can live with it. However, I don’t know if my other authors, editors, and contributors are going to like it.

There must be a way to fix it so there is just one log on.

Ok, I have narrowed down my problem with the login problems with Trac.

I found both in the auth.py python script and http://trac.edgewall.org/wiki/TracCgi#AddingAuthentication, that Trac expects the path to /login to be set up to expect user authorization.

In Trac’s wiki documentaion, the example only shows how to set this up via the directive in the Apache configuration.

I could find nowhere in the documentation explaining how to do this via an .htaccess fie. I tried creating a /login path manually and put an .htaccess file within it, but that did not work.

Is there any way to create the equivalent of directory access to cause user authorization that is identical in function like the or directives do but via .htaccess?

Any help would be appreciated.

P.S. SleeplessinDC - I know, it’s annoying as hell…

I’ve been wrestling with this one as well, and I just figured out the solution. The problem is the htdocs_location field in trac.ini. The one-click install sets it to something like this:

htdocs_location = http://domain.com//trac/htdocs

This causes problems because sometimes your browser will do a GET on host domain.com and sometimes on host www.domain.com. Since the host is not the same for all the GETs, Apache wants to authenticate again. Changing htdocs_location to this fixes the problem:

htdocs_location = /trac/htdocs

Of course the actual value needed depends on where you installed Trac under your domain.

Thanks, I was working for hours trying to figure out why it kept on repeatedly asking for a log in.

THANKS! This worked perfectly - saved me a lot of time.