Hi all. I have a mod_perl module I wrote that is for a client. Here's how it works:

They click on a pdf link that goes into their directory and they get the htaccess popup.
They enter their username and it is validated against the database based on their username and what directory they clicked on.
If the authentication is ok they are allowed to view the file, if not they are asked again for their username and passwork.

Here's where I have a problem.. Say I login as one company and view a pdf. Then I logout of the system and login as another company.. And try to view another customers pdf file (which for this example I don't have access to because I last logged in a customer 1) the system lets me in. My question is.. Is the security check not happening or is my code wrong? It seems like the security check would fail if the browser send the same username and password as it used the last time.

Thanks for any help or pointers