This forum is in READ-ONLY mode.
You can look around, but if you want to ask a new question, please use the new forum.
Home » plugins » User management plugins » sfGuard does not force user to authenticate
sfGuard does not force user to authenticate [message #55863] Thu, 10 July 2008 04:47 Go to previous message
doza  is currently offline doza
Messages: 3
Registered: December 2007
Junior Member

I am trying to implement sfGuard with 1.1. I have the plugin installed and (think) I followed all of the instructions on the plugin documentation page, but I have an issue. I tried to secure my whole application to test it out, but I am never prompted to login. It just lets me go straight to the page that I have requested.

Here is the log that is generated when I access a page (

1	Info PatternRouting	Connect "/"
2	Info PatternRouting	Connect "/symfony/:action/*"
3	Info PatternRouting	Connect "/:module"
4	Info PatternRouting	Connect "/:module/:action/*"
5	Info PatternRouting	Connect "/login"
6	Info PatternRouting	Connect "/logout"
7	Info PatternRouting	Connect "/request_password"
8	Info PatternRouting	Connect "/login"
9	Info PatternRouting	Connect "/logout"
10	Info PatternRouting	Connect "/request_password"
11	Info FrontWebController	Initialization
12	Info PatternRouting	Match route [default_index] for "/:module"
13	Info WebRequest	Request parameters array ( 'action' => 'index', 'module' => 'user',)
14	Info Context	Initialization
15	Info FrontWebController	Dispatch request

Here is my routing.yml

# default rules
  url:   /
  param: { module: default, action: index }

  url:   /symfony/:action/*
  param: { module: default }

  url:   /:module
  param: { action: index }

  url:   /:module/:action/*

  url:   /login
  param: { modules: sfGuardAuth, action: signin }

  url:   /logout
  param: { modules: sfGuardAuth, action: signout }

  url:   /request_password
  param: { module: sfGuardAuth, action: password }

Here is a snippet from my settings.yml

    # Form security secret (CSRF protection)
    # csrf_secret:            off     # Unique secret to enable CSRF protection or false to disable

    # Output escaping settings
    escaping_strategy:      false            # Determines how variables are made available to templates. Accepted values: on, off.
    escaping_method:        ESC_SPECIALCHARS # Function or helper used for escaping. Accepted values: ESC_RAW, ESC_ENTITIES, ESC_JS, ESC_JS_NO_ENTITIES, and ESC_SPECIALCHARS.

    enabled_modules:        [default, sfGuardAuth]

    login_module:           sfGuardAuth
    login_action:           signin

    secure_module:          sfGuardAuth
    secure_action:          secure

And here is my security.yml

  is_secure: on

I'm not sure if this is relevant, but the application is on a shared host at 1and1. I did follow the steps on the wiki for installing on 1and1. I apologize for posting so much info, but I was not sure which part of it was relevant to my issue.

Can anybody see where I went wrong? Any help would be appreciated.


Read Message
Read Message
Read Message
Read Message
Previous Topic:sfGuard propel teams
Next Topic:sfguard check_password_callable not callable [solved]
Goto Forum:


powered by FUDforum - copyright ©2001-2004 FUD Forum Bulletin Board Software