The documentation seems to suggest that both http_basic:
and form_login:
should be configured in security.yml
to implement a traditional login form.
But, isn't the purpose of a login form to replace the http basic authentication? Does http_basic:
really have to be configured? If yes, why? If not, can I remove it?
Symfony Security has a variety of options to authenticate the user and the documentation shows two of them – and that you can use more than one at the same time.
But you don’t have to do that. You can remove http_basic
.