At the bottom of url-get-authentication, there is a sexp that looks like this:

    (if (and scheme (fboundp scheme))
        (funcall scheme url prompt
                 (and prompt
                      (funcall scheme url nil nil realm args))
                 realm args))

What this says is that if the scheme succeeds, the same function is called again and the user/pass authentication info overwrites whatever was previously stored. However, if prompt is t, the user gets prompted _every_ time a page requiring authentication is accessed -- even if they have already successfully authenticated.

This is because there is an

    (or (and (not retval) prompt) overwrite)

sexp inside url-digest-auth, meaning that overwrite true == show prompt, even if authentication succeeded on the previous pass.

The solution to this is yet another version of url-digest-auth (which includes my previous fix):