The issue I just posted seems to be related to the problem you describe:
I was able to reproduce an issue using the HTML 5 audio tag and the drupal_goto method in Drupal. In both cases, in Safari 5.0.5 and Safari 5.1.2, in the apache logs, the initial requests to the page include the authenticated user, but the request to download the audio file or the request to go to a new page somehow did not send the authentication information because the request in the log doesn't include anything.
So for example, I am authenticated by apache and submit a form. The page processes the form then uses drupal_goto to redierct to another page. From Chrome, the following appears in the apache log:
::1 - tom [02/Feb/2012:17:23:46 -0500] "POST /drupal/node/6?q=node/6 HTTP/1.1" 302 502
::1 - tom [02/Feb/2012:17:23:46 -0500] "GET /drupal/node/8 HTTP/1.1" 200 3019
When I do the same thing in Safari:
::1 - tom [02/Feb/2012:17:25:50 -0500] "POST /drupal/node/6?q=node/6 HTTP/1.1" 302 502
::1 - - [02/Feb/2012:17:25:50 -0500] "GET /drupal/node/8 HTTP/1.1" 401 401
::1 - tom [02/Feb/2012:17:25:55 -0500] "GET /drupal/node/8 HTTP/1.1" 200 3019
The request after the goto doesn't include authentication information - and I have to put in my username and password.
This is an annoyance in the case of redirection - having to reauthenticate every time - but in the case of HTML 5 audio it is fatal. The audio file specified in the source tag simply does not load.
Weird, it's most definitely working for me now. Tested on three different computers (Lion and Mountain Lion): the webpage login details are not in Keychain and on basic 301, 302, 303 and 307 redirects the "Authorization:Basic" is included in the redirected HTTP header as expected, so I am not getting a second login prompt. That was not happening before Safari 6.
Happy to see that it's not my code is not the cause of the problem.
One possibility to escape to this bug under Safari, might be to generate a time-limited link, and this only if the user it is authenticated on the page. I'm using PHP, so I should be able to obtain a fix with "PHP_AUTH_USER" or similar.
I'm not really expecting that Apple will correct it...
Has there been any update on this? I just begrudgingly updated to Lion from SL and am having this problem with all of our joomla sites. We have the admin directories for all of our client's joomla sites protected via htaccess. Now whenever I try to work in the admin section of one of these sites I am constantly asked for the htaccess login info as I perform various tasks in the back end. That makes Safari absolutely unusable.
I've seen a few suggestions in this thread, but no one has confirmed that any of them work.
Had the same problem with Safari asking me over again for authentication after login to my website.
The wollowing steps made it working for me:
First I added "satisfy all" and "options -Indexes" to the .htaccess in my "restricted_subdirectory":
AuthName "Restricted Area"
Then I added a .htaccess file to every subdirectory ( /js /images /css - every folder that's related to the script) with only
I'm not sure this is a proper solution but that made it working for my simple needs. Maybe it works for some of you guys as well. .