The easiest and most reliable way to do this is to use cookies instead of HTTP basic auth. Cookies can be used to accomplish basically the same thing as Basic Auth, except that you have a lot more control. See Apache::AuthCookie for an easy way to do this.