Answers inline.

On Mon, 12 Sep 2005, Boyle Owen wrote:

> > -----Original Message-----
> > From: Stefan-Michael. Guenther (in-put GbR)
> > [mailto:S.Guenther@xxxxxxxxx]
> > Sent: Montag, 12. September 2005 16:17
> > To: users@xxxxxxxxxxxxxxxx
> > Subject: Re: [users@httpd] Apache checks authentication twice
> >
> >
> > Hi,
> >
> > > I think you're right - the second application is really just another
> > > instance of the browser. This might be because you are using
> > > "target=_blank" in the link to force a new window. If you don't do this it
> > > should use the same window and so retain the credentials.
> > >
> > Apache produces a directory listing for this dir, so there is
> > no target=_blank in it.
>
> The point is: does a new window appear? If so, that is a new
> instance of the browser. It will not inherit the cache of the parent
> and so will not be in possession of the login credentials.
>
> It may not be possible to solve your problem using Basic Auth...
>
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.
>

Absolutely right, I've run into it myself. IE sees the file extension, and triggers Excel (using an MS web library client, I forget the exact name) to issue a second HTTP request. Incorrectly, in my opinion, because it doesn't even evaluate the MIME type first; in fact, it ignores the MIME type entirely the last time I checked. And it didn't matter what the target was in our case, but I'm speaking from second-hand knowledge on that part, so I could be remembering wrong. I do know that I had to create a separate Directory block with no authentication for MS Office files, because IE always (in our case) passed the URL to the MS web library client instead of making the request itself. Check your Apache access logs - if the UserAgent string is that library instead of MSIE, then I'd bet that's the trouble.
We were able to get away with turning off authentication on the Directory block containing the MS files because we were also using cookie-based session and authorization management, which redirected any attempts to access the files directly (w/o having logged in to get the cookies first) to the login page. Owen's right, IMO, you can't do this with Basic Auth alone.

--
Craig Dunigan
IS Technical Services Specialist
Middleware - EIS - DoIT
University of Wisconsin, Madison
opinions expressed are my own, not the University's

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
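The access-log check suggested in the reply above can be scripted. This is an added example, not part of the original thread: it assumes Apache's "combined" log format, and the sample lines, hosts and the agent string `ExampleOfficeClient/1.0` are constructed placeholders, not the real library name.

```python
import re

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"'
)
OFFICE_EXT = (".xls", ".doc", ".ppt")  # extensions handed off to an Office application

def second_client_requests(lines):
    """Return (host, path, agent, status) for Office-file requests made by a
    non-MSIE agent from a host that also browsed with MSIE in the same log."""
    msie_hosts = set()
    candidates = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m["path"].split("?", 1)[0].lower()
        if "MSIE" in m["agent"]:
            msie_hosts.add(m["host"])
        elif path.endswith(OFFICE_EXT):
            candidates.append((m["host"], m["path"], m["agent"], int(m["status"])))
    # Keep only hosts where the browser itself was IE: that is the
    # "second request by a different client" pattern described above.
    return [c for c in candidates if c[0] in msie_hosts]

# Constructed sample log lines (documentation address range 192.0.2.0/24).
SAMPLE = [
    '192.0.2.10 - alice [12/Sep/2005:16:20:01 +0200] "GET /reports/ HTTP/1.1" 200 1043 '
    '"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '192.0.2.10 - alice [12/Sep/2005:16:20:05 +0200] "GET /reports/q3.xls HTTP/1.1" 200 20480 '
    '"http://www.example.com/reports/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    # Same host, same file, no credentials, different agent: answered with 401.
    '192.0.2.10 - - [12/Sep/2005:16:20:06 +0200] "GET /reports/q3.xls HTTP/1.1" 401 401 '
    '"-" "ExampleOfficeClient/1.0"',
    # A non-IE browser fetching the file directly is not the pattern in question.
    '192.0.2.77 - bob [12/Sep/2005:16:21:00 +0200] "GET /reports/q3.xls HTTP/1.1" 200 20480 '
    '"-" "Mozilla/5.0 (X11; Linux) Firefox/1.0"',
]

if __name__ == "__main__":
    for host, path, agent, status in second_client_requests(SAMPLE):
        print(f"{host} {path} status={status} agent={agent!r}")
```

A 401 on a flagged request, with "-" in the user field right after an authenticated MSIE request for the same file, is the second authentication prompt the original poster reported.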