Hi. I tried searching first but couldn't find anything on this.

I used a .htaccess file to restrict access to some directories where I placed image files (jpg) and video files (avi).
I did not put an index file into the directory because I want people I give access to to just be able to look at the directory listing and click on what they want to view.
There are no problems with the image files but when I click on an avi file it asks for authentication again every time.

Why is it doing this for the video but not the image files and why is it
doing that at all? Once a user authenticates they should be good to go right?! How can this be fixed?

Thanks!

Once a user authenticates they should be good to go right?! No, not really. That's not how HTTP authentication (http://en.wikipedia.org/wiki/Basic_authentication_scheme) works.

A web browser will cache the authentication credentials (until the browser is closed) and present them to the server each time it requests something from the password protected directory (e.g. the images).

The video files will not be handled directly by your web browser, but will be handed off to a plugin or application, for Windows that's usually Media Player. When the video is closed, the plugin or application is closed and with it the authentication credentials are lost.

I can't really think of an easy way to prevent this from happening.

-Arthur

You'd probably need to setup session-based authentication and send the session ID as part of the URL. Your users should however be able to right-click on the link and save it to their local desktop, where it should play from fine.

Ok I see thanks for the info.

I wonder if there is a security setting in the media player that can prevent this from happening?

As for session based authentication I have not used this before and it's something I can look into.