
I have an Apache 2.4 server running with PHP and MySQL included. I have pages that are restricted (or are supposed to be) to certain users only. Each user has their own restricted page and must supply a username and password to access it. Inside the homepage is a button that redirects them to the index.html page using `<a href="../index.html"><button type="button" class="btn btn-success btn-sm">Return To Landing</button></a>`.

My issue comes up when a user authenticates to their homepage, and then navigates back to the index where users select their page. After logging in and backtracking back to the index.html page, they can jump onto other users' secure pages without providing a username and password for it.

Here's what I have for the .htaccess files for each user's folder, where their homepage resides:

```apache
AuthUserFile C:/Server/data/htdocs/creds/.htpasswd
AuthGroupFile /dev/null
AuthName "Password Required To Proceed"
AuthType Basic

<Limit GET POST>
require valid-user
require user [username]
</Limit>

<Files .htaccess>
    Order allow,deny
    Deny from all
</Files>

php_value memory_limit 2048M
php_value post_max_size 6250M
php_value upload_max_filesize 6144M
php_value max_input_time 600
php_value max_execution_time 600
```

1 Answer

```apache
require valid-user
require user [username]
```

`require valid-user` will allow any valid user. You shouldn't be using this together with `require user ...` (which allows just that specific user).

MrWhite
  • Understood. I was under the impression the `require valid-user` acted as an extra bit of verification to check that the user supplied valid credentials. – Alex Schneider Apr 05 '18 at 22:29
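
An added example, not part of the original question or answer: a small Python audit that models how sibling `Require` lines combine in Apache 2.4 (they are OR-ed, as if wrapped in `<RequireAny>`) and flags per-user files where `valid-user` defeats the `user` rule. The user names `alice` and `bob` and both sample files are constructed, and the model deliberately ignores `<RequireAll>`/`<RequireNone>` containers and `Require not`.

```python
import re

# Constructed sample: the question's pattern, with "alice" standing in for [username].
WEAK = """\
AuthType Basic
<Limit GET POST>
require valid-user
require user alice
</Limit>
"""
# Constructed sample: the same file with only the per-user rule left in place.
FIXED = WEAK.replace("require valid-user\n", "")

REQUIRE_RE = re.compile(r"^\s*require\s+(.+?)\s*$", re.IGNORECASE)

def parse_requires(text):
    """Return each Require directive's arguments as a token list."""
    rules = []
    for line in text.splitlines():
        m = REQUIRE_RE.match(line)
        if m:
            rules.append(m.group(1).split())
    return rules

def is_authorized(rules, user):
    """Simplified model of Apache 2.4: sibling Require lines are OR-ed
    (implicit RequireAny). Containers and 'Require not' are not modelled."""
    for rule in rules:
        kind, args = rule[0].lower(), rule[1:]
        if kind == "valid-user":          # any authenticated account passes
            return True
        if kind == "user" and user in args:
            return True
    return False

def is_overbroad(text):
    """Flag a file whose per-user rule is defeated by a sibling 'valid-user'."""
    kinds = {rule[0].lower() for rule in parse_requires(text)}
    return {"valid-user", "user"} <= kinds

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("fixed", FIXED)):
        rules = parse_requires(text)
        print(name, "alice:", is_authorized(rules, "alice"),
              "bob:", is_authorized(rules, "bob"),
              "flagged:", is_overbroad(text))
```

Pointing `is_overbroad` at the contents of each user folder's `.htaccess` shows which folders any account in the shared `.htpasswd` can open.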