Nick, this does not sound right to me. Here is why: If your main HTML was protected by login, the user would be prompted to authenticate themselves before receiving the HTML. This would keep the browser from making further requests until authentication occurred. It sounds like in your situation, that main HTML is NOT protected, thus the browser receives it, parses it and then makes requests for additional resources, at which point authentication is triggered for the multiple resources the browser fetches in parallel. You need to ensure that the initial content triggers authentication, so that the subsequent requests can reuse the authentication information. If you look in your log files, likely you will see a 200 reply for the page, followed by many 401 replies for the resources. You should see a 401 for the page followed by a 200 for the page followed by 200's for the resources. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|