This question must be confusing because I've always been answered very quickly.

I'm not sure what to add - but I did remove the checkmark, and the site was totally open, no password required.

When I put the checkmark back, it asks for a password to enter, and then after you are there, and click the gallery link, it asks for it again.

Let me see if I understand this. You have set up a password-protected directory with a number of authorized users. Correct? They go in to this directory and are asked for their ID and password. So far, so good? They go in a second time to the same directory (or one under it), and are again asked to sign in?

By any chance, do these users have their browsers configured not to permit cookies? I think the password permission system uses a cookie to remember that you've already signed in once for this session, and don't need to be asked again. Try enabling cookies that last until the end of the session (not permanent or long-term cookies).

Hmm. You're using password-protected directories through cPanel, and not ID/password assigned through some application such as SMF? Let's say the password-protection is on directory protected/. Where are the files for download, and where is the photo gallery, in relation to protected/? What is the exact sequence of operations, and you're positive that both times you're getting the same browser prompt for ID and password? It's not one prompt from the browser for the directory password and the other a (different) prompt from the gallery application? How different are the URLs that you're getting to the files or gallery -- say, coming in under different domain names? Finally, I repeat my question about cookies -- do you have cookies enabled (at a minimum, cookies that expire at the end of the session)?

I think stockthestore.com and www.stockthestore.com are being treated as two different domain names, for the purpose of password protection. It may be that they are resulting in two different cookies being used. If you can change the links to match each other (use the same name), that might work. Otherwise, you might be able to redirect the URL (in public_html/.htaccess) by adding www. to one address or deleting it from the other, to make them consistent.

It's worth a try. The idea is to have everyone come in to your site through the same domain, so that there will be only one cookie instead of two (for the password access). If it doesn't work, you can always back out the change and try something else.

Don't forget to clear out your cookies (at least, the two for your site) and your browser cache after making the change.

If your public_html/ directory is password protected, that password will apply to your entire site. Do you want to have the password apply only to part of the site? If so, you will need to remove the password protection from public_html/ (or "/") and create it for "deeper" directories, such as public_html/jpegs/ (or "/jpegs").

While stockthestore.com and www.stockthestore.com are just different names for the same site (your public_html/ or "/" directory), as far as I know, the password protection considers them to be different (you get passwords stored in different session cookies for the two names). If you have a public_html/index.html that points to the jpegs directory, you can just edit that file to ...href="http://www.stockthestore.com/jpegs... or even just ...href="/jpegs.... Feel free to edit any index.htm or index.html file -- you can use cPanel > File Manager, navigate to the directory the file is in, click on the file name, click on "edit the file" (on the right side of the screen). Just edit index.* files until you end up with consistent site names (all with or all without "www."). You don't need the site name if you're pointing to a directory and file on the same site -- just give /jpegs/index.htm or whatever.