RFC 2617, section 2 states:
A client SHOULD assume that all paths at or deeper than the depth of the last symbolic element in the path field of the Request-URI also are within the protection space specified by the Basic realm value of the current challenge. A client MAY preemptively send the corresponding Authorization header with requests for resources in that space without receipt of another challenge from the server.
If you are using Digest Challenge, section 3.2 states that you may specify a domain
in the WWW-Authenticate
header to indicate what the protection space will be. I would try setting that to something like domain=/
. I am not sure if this will work with Basic authorization, but it wouldn't hurt to try it; if not, Digest authorization is not much more difficult to work with and is a bit more secure.