Basically,

    The web addresses of:

http://myserver/mydir     -- and --

http://myserver/mydir/

    are two separate 'contexts' for the web server which require the server to analize the security access requirements of mydir twice if the trailing '/' is omitted.

    The way I understand it is, when you request //myserver/mydir, the server checks the security context of pages in your 'document root' (or whatever the parent directory is) to see if you have access to a page called 'mydir'. When it discovers that 'mydir' is a directory, the server appends the trailing '/' and then it has to repeat the entire process again for the directory 'mydir/' before providing access to the index.html or other page in the 'mydir' directory.

    Conversely, if you had requested mydir/ originally, there is one the single security context check for the directory mydir before access to the pages are provided.

    Simply put if you just put mydir, then the server checks the parent directory for access permissions, finds that mydir is really the directory mydir/, appends the /, and then has to do the checks all over again for mydir/.

    So do your server a favor and always append the trailing / to directory names ;-)