Website Access Restriction – Browser Handling

Using htaccess files to password protect directories on web servers is the traditional fast way to control access. Sadly the advance of the web, and use of integrated session systems has meant that many people are unaware of the difference between a website asking for a login, and their computer locking them out.

This isn’t helped by the way the prompt appears and behaves on many systems. Especially when using Internet Explorer on Windows. Windows 7’s use of a user profile icon seriously suggests that the user needs to log in to their computer again:

Internet Explorer

The problem with htaccess control is that it can seemingly lock up a computer, depending on which browser is used.

For example assume there’s a directory of 34 images and a gallery style web page that displays all of those images at once.

If a htaccess file that requests a valid user for access ends up in the image directory, that web page is going to prompt for a login when it tries to load an image. If the user cancels, it will forget about that image and move on to the second image. Since the second image is also protected and nobody has logged in, it may prompt for a login again.

There’s no cut-off, using Internet Explorer the user will be prompted 34 times before the page loads. I don’t expect most users will get anywhere near clicking cancel that many times.

Now Google Chrome, and Opera handle this gracefully, whereas Internet Explorer and Firefox don’t.

In Internet Explorer the password prompt actually locks up the browser window, there are only 2 ways out:

  1. Keeps clicking cancel, be it 2 times or a million
  2. Forefully terminate the browser and hope it doesn’t remember the page was open – most users probably restart the computer here

In Firefox the password prompt still locks up the browser window, but does only ask for a password once:

  1. Realise there’s a cancel and click it
  2. Forefully terminate the browser and hope it doesn’t remember the page was open – most users probably restart the computer here

Google Chrome and Opera are more sensible, they don’t lock up the browser window in addition to only asking once or twice:

  1. Realise there’s a cancel and click it
  2. Close the tab
  3. Close the window
  4. Forefully terminate the browser and hope it doesn’t remember the page was open – most users probably restart the computer here

Additionally, I like Opera’s approach where the login prompt is more part of the browser than it is part of the system, hopefully reducing confusion as to what needs a password.

Opera

Leave a Reply