Using the Plesk panel for a Windows hosted website, I can setup a username/password to protect a directory. The first time I access it I'm prompted for the username/password and that works fine. My issue is, after closing the session and even quitting the browser and then accessing the protected directory, I'm not prompted for the username/password again and have full access to the protected directory.
This sure seems like a flaw. If the protected directory is accessed from a shared computer or public computer, then that protected directory will be available to anyone after it is accessed the 1st time w/ the proper username/password.
It's like a cookie or something is stored by the browser and once the username/password is entered, no matter closing the session and/or the browser and coming back again ... a prompt for username/password is not needed.
Is there a way to have the permission to access the password protected directory expire when the session is closed?
Hi @MikeE3. Thanks for being part of GoDaddy Community! I was able to duplicate this but only on Chrome and that with the option for it to run in the background turned on. The same issue didn't happen in FireFox. Also, closing all Chrome windows and then exiting out of Chrome from the task tray cleared up the issue as well. It seems possible that this is what is happening in your case. Cookie settings would be specific to the user's browser. Hope that helps.