I would say probably not because .htaccess passwords are encrypted and the list of allowable usernames is stored in a file. That would mean that every time a user registered you would have to grab their password, encrypt it into .htaccess, and add the username to the list. Also, I don't believe its possible to bypass the login screen since the first file read in a directory with .htaccess is .htaccess itself, which means that you could not have a file to check if they were already logged in until they were already past the .htaccess login screen. I hope that makes sense and helps a little.

yes that makes sense. I'll keep searching and if worse case I'll just have to have them log in twice.

Thanks

Something that might be a little bit of work but that I use extensively is to create an include file that basically checks to see if the $user and $pass are valid. include_once that script into all of the pages that are protected and remove the .htaccess.

I have something similar right now using a session manager to protect all my pages that I want to be for admin use only. My problem lies that I have a few cgi's that are in /cgi-bin/blah/

Thanks