How to achieve single htpasswd login with Apache when using both SSL and non-SSL web pages in a site?

Dan Coutu coutu at snowy-owl.com
Tue Jul 11 12:04:00 EDT 2006


I know there are a few Apache gurus out there. I've been banging my head 
on this one for days now and seem to be making no real progress.

A client has a website that's in pre-production. It is password 
protected via an htpasswd file (using Apache authentication here). Some 
of the pages in the site use SSL for secure data entry while all other 
pages should not use SSL.

When entering the site Apache properly does its login thing and 
authenticates the user. The entry point is normally a non-SSL web page. 
When the user goes to a page that uses SSL they are prompted a second 
time, by Apache, to log in!

Originally the redirection to/from SSL pages was done via PHP. Thinking 
that the use of Apache redirect or rewrite rules would help in resolving 
the problem I changed the implementation to use mod_rewrite instead.
It still doesn't resolve the problem.

Interestingly enough I ran across a case where the rewrite rules that I 
came up with ended up redirecting the user's browser to the NCSA web 
site when going to an SSL page! That's a totally weird one that I've 
never seen before. I can't for the life of me figure out how that one 
happened...

Anyway, I'm hoping that one of you bright souls out there has an idea of 
how I can get Apache to ask for login credentials only once.

Thanks for whatever ideas come up!

Dan
