.htaccess resitrict a single file

[ackerley1]

Hello,

I would like to resitrict the initial access to a single file using .htaccess. I tried through CPanel, but that is for whole directories and I don't have the know how to write this on my own.

The one file is part of a cart system that steps through the same file 4 times (Product Select, Ship/Bill info, CC info, Order Confirm). I do not want the password to be triggered each step of the way just on the initial page request.

Is there a way to do this with .htaccess?

Please advise.

Thanks

Rob

[andyf]

Hello,

I would like to resitrict the initial access to a single file using .htaccess. I tried through CPanel, but that is for whole directories and I don't have the know how to write this on my own.

The one file is part of a cart system that steps through the same file 4 times (Product Select, Ship/Bill info, CC info, Order Confirm).
I do not want the password to be triggered each step of the way just on the initial page request.

Is there a way to do this with .htaccess?

Please advise.
Rob

I don't think creating .htaccess would help you for doing so rather you should try it by writing some code for it.

[ackerley1]

Andyf, Could you elaborate any more on this?

[wige]

When you use .htaccess, or more accurately an .htaccess and .htpasswd HTTP Authentication system, to password protect part of your site, the username and password are required each time a page is requested. However, the user's browser will remember the username/password combination and will send the information each time after the initial prompt, which I think is what you are trying to achieve.

Unfortunately, HTTP Authentication is a per-directory directive. This means you can only specify a directory to be protected, and not a single file. Unfortunately, this protection is done at the system level, so using a rewrite rule would not be a workaround in this case. Probably you would need to reprogram the actual page to request the username and password and store those values in a session variable. Bear in mind that unless this is done via HTTPS, the username and password are transmitted in plain text and thus not very secure.

[andyf]

I agree ackerley1 .htaccess allows password protection at directory level and not for a certain file level.

The one file is part of a cart system that steps through the same file 4 times (Product Select, Ship/Bill info, CC info, Order Confirm). I do not want the password to be triggered each step of the way just on the initial page request

IMHO you will have to work on Cookies and sessions through programming.....( php JSP etc. )