I knew I could do the auth in the httpd conf itself, but the system we have is very dynamic.. We drop files in and they get pushed externally via rsync and we don't have to restart the httpd daemon.. it's a convenience thing and speed isn't an issue on this server. Thanks Boyle. I suspected that I would have to come up with another server-side system, I was just hoping I was wrong. Cheers. --Andy Boyle Owen wrote: > That's not how basic auth works. There's no real login or session from the server's POV. The browser has to get a 401 Unauthorized before it knows that the resource is protected. That's what makes it prompt for a user/pass. Then it caches the credentials and submits them with every subsequent request in that realm. > > To do what "the management" want, you need to build a session and that means cookies and server-sided logic (PHP, CGI, Cocoon etc..) > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx