diff --git a/book/security.rst b/book/security.rst
index 57d40606327..c962ae535f5 100644
--- a/book/security.rst
+++ b/book/security.rst
@@ -296,8 +296,8 @@ First, enable form login under your firewall:
pattern: ^/
anonymous: ~
form_login:
- login_path: /login
- check_path: /login_check
+ login_path: login
+ check_path: login_check
.. code-block:: xml
@@ -313,7 +313,7 @@ First, enable form login under your firewall:
-
+
@@ -327,8 +327,8 @@ First, enable form login under your firewall:
'pattern' => '^/',
'anonymous' => array(),
'form_login' => array(
- 'login_path' => '/login',
- 'check_path' => '/login_check',
+ 'login_path' => 'login',
+ 'check_path' => 'login_check',
),
),
),
@@ -355,10 +355,11 @@ First, enable form login under your firewall:
'form_login' => array(),
Now, when the security system initiates the authentication process, it will
-redirect the user to the login form (``/login`` by default). Implementing
-this login form visually is your job. First, create two routes: one that
-will display the login form (i.e. ``/login``) and one that will handle the
-login form submission (i.e. ``/login_check``):
+redirect the user to the login form (``/login`` by default). Implementing this
+login form visually is your job. First, the create two routes we used in the
+security configuration: the ``login`` route will display the login form (i.e.
+``/login``) and the ``login_check`` route will handle the login form
+submission (i.e. ``/login_check``):
.. configuration-block::
@@ -557,7 +558,7 @@ see :doc:`/cookbook/security/form_login`.
**1. Create the correct routes**
- First, be sure that you've defined the ``/login`` and ``/login_check``
+ First, be sure that you've defined the ``login`` and ``login_check``
routes correctly and that they correspond to the ``login_path`` and
``check_path`` config values. A misconfiguration here can mean that you're
redirected to a 404 page instead of the login page, or that submitting
diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst
index f892a6a4047..8e14234a0e8 100644
--- a/reference/configuration/security.rst
+++ b/reference/configuration/security.rst
@@ -218,18 +218,18 @@ The Login Form and Process
~~~~~~~~~~~~~~~~~~~~~~~~~~
* ``login_path`` (type: ``string``, default: ``/login``)
- This is the URL that the user will be redirected to (unless ``use_forward``
- is set to ``true``) when he/she tries to access a protected resource
- but isn't fully authenticated.
+ This is the route or path that the user will be redirected to (unless
+ ``use_forward`` is set to ``true``) when he/she tries to access a
+ protected resource but isn't fully authenticated.
- This URL **must** be accessible by a normal, un-authenticated user, else
+ This path **must** be accessible by a normal, un-authenticated user, else
you may create a redirect loop. For details, see
":ref:`Avoid Common Pitfalls`".
* ``check_path`` (type: ``string``, default: ``/login_check``)
- This is the URL that your login form must submit to. The firewall will
- intercept any requests (``POST`` requests only, by default) to this URL
- and process the submitted login credentials.
+ This is the route or path that your login form must submit to. The
+ firewall will intercept any requests (``POST`` requests only, by default)
+ to this URL and process the submitted login credentials.
Be sure that this URL is covered by your main firewall (i.e. don't create
a separate firewall just for ``check_path`` URL).