It shouldn't be doing that to begin with. That kind of behavior is either due to the browser not passing on the authorization response (ie the encoded username and password) on subsequent requests or multiple .htaccess files specifying different realms or user/group files.
The way it works is that the server always requests authorization. It's up to the browser to get the credentials from the user and remember them so it can automatically provide them for the duration. So some problems involve a race condition (eg the browser requests two protected images at the same time but from a non-protected page) or the browser is working with different sessions (ie one window doesn't know what another window is doing)
Something out of the ordinary is happening and if you can't figure it out then it sounds like you are going to have to resort to authentication using CGI scripting instead. Are you able to duplicate this behavior yourself? It may very be browser / browser version specific.
Customer since 2000 openvein.org