You can't restrict access to login with is_secure or credentials (http://www.symfony-project.org/reference/1_4/en/08-Security) because it makes no sense to do so. However you can do so to logout, which IMO makes just as little sense.
Scenario: backend/config/security.yml ------------------ default: is_secure: true credentials: admin ------------------ backend/modules/event/config/security.yml ------------------ all: is_secure: true credentials: moderator ------------------ Everything works just as I would expect; except that moderators cannot reach the logout page. (LOG: Action "sfGuardAuth/signout" requires credentials "admin", forwarding to "sfGuardAuth/secure") So I created: backend/modules/sfGuardAuth/config/security.yml ------------------ all: is_secure: false ------------------ Which did nothing to allow moderators to get to the logout page (LOG: Action "sfGuardAuth/signout" requires credentials "admin", forwarding to "sfGuardAuth/secure") I finally had to specifically allow moderator credentials: backend/modules/sfGuardAuth/config/security.yml ------------------ all: is_secure: false credentials: moderator ------------------ Why A) would setting is_secure to false not allow access and B) would logout behave differently than login? This seems a bug to me. -- You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-us...@googlegroups.com. To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en.