Didn't hear from anyone on users, so I thought I would try here. You can disallow access to the signout page using credentials.
You can't restrict access to the login page using is_secure or credentials (http://www.symfony-project.org/reference/1_4/en/08-Security), this is because it makes no sense to do so. However you can do so (restrict access with credentials) to logout, which IMO makes just as little sense. Scenario: backend/config/security.yml ------------------ default: is_secure: true credentials: admin ------------------ backend/modules/event/config/security.yml ------------------ all: is_secure: true credentials: moderator ------------------ Everything works just as I would expect; except that moderators cannot reach the logout page. (LOG: Action "sfGuardAuth/signout" requires credentials "admin", forwarding to "sfGuardAuth/secure") So I created: backend/modules/sfGuardAuth/config/security.yml ------------------ all: is_secure: false ------------------ Which did nothing to allow moderators to get to the logout page (LOG: Action "sfGuardAuth/signout" requires credentials "admin", forwarding to "sfGuardAuth/secure") I finally had to specifically allow moderator credentials: backend/modules/sfGuardAuth/config/security.yml ------------------ all: is_secure: false credentials: moderator ------------------ Why A) would setting is_secure to false not allow access and B) would logout behave differently than login? This seems a bug to me. -- You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en.
