Funny that I was just reading the Apache docs about this earlier today. If you're using Apache, and have the ability to set per-directory .htaccess (which I assume you do), look at: http://httpd.apache.org/docs/howto/auth.html#basicworks You can configure your various secured directories such that they are named under one authentication name, or "realm", to which browsers will send the same auth info on every request. This prevents the constant auth logins when changing directories.

Try adding the line:
AuthName "Our Protected Stuff"
to your .htaccess file and see what happens. I've not tried this, but will soon have a need for it. Let me know how well it works.

-Shawn
(P^h) Phaysis
If idle hands are the tools of the devil, are idol tools the hands of god?