The .htaccess protected dir would have to be a gateway into the scripts. Otherwise the "okayed" user would be rechallenged for password after the .htpasswd file change. At least that is how it worked in a very quick and dirty test I did.

If the .htaccess protected dir was just used as a gateway, then you could handle filelocking and "who's on first" problems in the standard way -- vhat ever dat is.

But for this to work all subsequent pages might need to be dynamically served through scripts.

This might be made to function in a limited sense for special cases. Such as low load, and pages which can be served dynamically after authenticated entrance.

For me when it starts to get this complicated I go back and ask myself: "Why did I want to make it one-at-a-time in the first place?" ;-)

Claude