URGENT: .htaccess - requires multiple logins to work

Hey - At work trying to get our company’s website to function correctly. Our customer are calling and complaining that they cant log in. Any help is grately appreciated.

The problem: .htaccess is requiring multiple login attempts before granting access to protected folder

Quick Background:
We have an e-commerce website (oscommerce) that is behind a password protected folder. Our business is strickly wholesale so we don’t want our cart to be accessible to the public. We recently moved our site from a Godaddy to shared account to a 1and1 VPS. After much trial and error we got our VPS up and running (for the most part). This is our latest issue which just came up after we pointed/setup our primary domain to our VPS.

We have a folder for our shoping cart which is password protected. The following .htaccess is in that folder:

AuthName "If you are experiencing any difficulties with your login please give us a call at 1(800)xxxxxxxx." 
AuthType Basic 
AuthUserFile /var/www/vhosts/mydomain.com/httpdocs/.htpasswd 
AuthGroupFile /dev/null
require valid-user

Our .htpasswd file is in the correct folder and works because after several attempts login is granted.

Our shopping cart which is an Oscommerce based cart has two configuration files that have settings to specifify the domain. We have our domains setup as follows:

// * DIR_WS_* = Webserver directories (virtual/URL)
  define('HTTP_SERVER', 'http://www.xxxxxxxx.com); // eg, http://localhost - should not be empty for productive servers
  define('HTTP_CATALOG_SERVER', 'http://www.xxxxxxxx.com);
  define('HTTPS_CATALOG_SERVER', '');
  define('HTTPS_SERVER', ''); // eg, https://localhost - should not be empty for productive servers
  define('HTTPS_ADMIN_SERVER', '');
  define('HTTP_COOKIE_DOMAIN', 'http://www.xxxxxxxx.com);
  define('HTTPS_COOKIE_DOMAIN', '');
  define('HTTP_COOKIE_PATH', '/shop/');

Other Notes:
I have noticed that there are other .htaccess files in some of the other sub folders of our cart. Could that cause the problem?

Also, could it be that we need a redirect? I’ve tried access the site from differerent variations of our domain such as: http://mydomain.com and http://www.actionsparts.com but it’s the same problem.

Have also tried delete browser’s caches and have tried it from multiple browsers.

All tips and suggestions welcomed.

Thank you kindly in advance.


OSCommerce, as the predecessor to ZenCart, should protect its own admin directory via coding in the admin/index.php file. I’ve upgraded long ago so I’ve got to suggest that you check that for OSC, though. Anyway, if you ALSO use Apache’s directory protection, you MUST EXPECT two username/password challenges to get into the admin section.