Actually, it's the browser behavior that is causing this. Here's what is happening...
- You tell your browser to go to:
http://sample.com/password_directory
- The server tells your browser that authentication is required, and so the browser prompts for a password.
- The user types in the password.
- The server then redirects the browser to http://sample.com/password_directory/ (with a slash on the end), because the address is not actually valid without the trailing slash.
- With some browsers (most notably Internet Explorer), instead of continuing to provide the same authentication information it was already provided, sees the slash on the end of the directory name and thinks you've gone to a different web address and prompts you for the authentication information again.
In other words, it's a browser issue. Anyhow, one workaround to this issue is to always put the slash on the end when linking to the address and then all browsers (even Internet Explorer) will only prompt once.