PHP: Use PHP to authenticate with .htaccess when uploading to a subfolder of the protected folder

I'm trying to upload files to the subfolder of a protected folder. Here is what the hierarchy looks like:

/basefolder(.htaccess)/tool/script.php

/basefolder(.htaccess)/tool/uploadhandler.php

/basefolder(.htaccess)/tool/files/here(subfolder)/

The simple .htaccess file for my basefolder is:

AuthUserFile "/path/"
AuthType Basic
AuthName "Admin Dashboard"
require valid-user

The script sends data to the typical php upload handler which attempts to save the file in the subfolder. When the code gets to this stage my browser prompts me for the user/pass again.

Is there a way to authenticate using PHP so that I don't get prompte开发者_开发知识库d for the password every time?

Exempt the upload.php file from HTTP password protection and use sessions or a cookie to set that the user is allowed to upload.

For example, in the PHP file with the upload form:

session_start(); 
$_SESSION['can_upload'] = true;
// this would only be set if the user could successfully access the upload form
// page; sessions are preferable to cookies since anyone could set a cookie named
// "is_allowed" to "1"—you would have to use some kind of token for validation
// if you used a cookie

and then in the PHP file handling file uploads,

session_start();

if (! isset($_SESSION['can_upload'])) {
  header("403 Forbidden");
  echo("You are not authorized!");
  die();
}

// user is OK, put your upload logic here