Create a "secure" module/action like this:
    public function executeSecure()
    {
      // Remember where the visitor came from on the first hit only; the
      // browser's retry with credentials may not carry the same Referer.
      if (!$this->getUser()->hasAttribute("secure_referer"))
      {
        $this->getUser()->setAttribute("secure_referer", $this->getRequest()->getReferer());
      }

      // No credentials sent yet: ask the browser for HTTP Basic authentication.
      if (!isset($_SERVER['PHP_AUTH_USER']))
      {
        header('WWW-Authenticate: Basic realm="Member Area"');
        header('HTTP/1.0 401 Unauthorized');
        return sfView::NONE;
      }
      else
      {
        // Credentials present: let myUser::tryLogin() check them.
        if ($this->getUser()->tryLogin($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']))
        {
          return $this->redirect($this->getUser()->getAttribute("secure_referer"));
        }
        else
        {
          // Bad credentials: challenge again.
          header('WWW-Authenticate: Basic realm="Member Area"');
          header('HTTP/1.0 401 Unauthorized');
          return sfView::NONE;
        }
      }
    }
No template is needed, because every access to this action ends in a redirect to the referer. Then, in app/yourapp/config/settings.yml, change secure_module and secure_action to match this module.
You will need a myUser::tryLogin function that returns a boolean saying "auth is ok" or "bad auth".
And you're done :p
discussion
- I think the return of sfView::HEADERS_ONLY is better than using sfView::NONE. Also, just set "has_layout: off" in the view.yml for the specific function.
- Another question: aren't there functions to send HTTP headers via symfony? Something like sfContext::getRequest()->setHeader('Foo: 1'); - I think this would fit more with the conventions than using PHP's header() function.
- You should never trust the value of HTTP_REFERER as it is easily forgeable.
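
The last comment's point applied to this action, as an added example that is not part of the original snippet: the stored referer is reduced to a same-site path before it is used as a redirect target. The function name `safeRedirectTarget`, the host `www.example.com` and the sample URLs are assumptions made for illustration.

```php
<?php
// Added example (not the snippet author's code); names and hosts are constructed.

/**
 * Return a same-site path taken from $referer, or $fallback when the
 * referer is missing, malformed, or points at another host.
 */
function safeRedirectTarget($referer, $trustedHost, $fallback = '/')
{
    if (!is_string($referer) || $referer === '') {
        return $fallback;
    }
    // Control characters could split the Location header; backslashes are
    // treated as forward slashes by some browsers.
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $referer)) {
        return $fallback;
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return $fallback;
    }
    // Exact host match: a suffix or substring test would accept look-alike hosts.
    if (strcasecmp($parts['host'], $trustedHost) !== 0) {
        return $fallback;
    }
    // Keep path and query only, so scheme, host and userinfo never come
    // from the request header.
    $path = isset($parts['path']) ? $parts['path'] : '/';
    if ($path[0] !== '/' || strpos($path, '//') === 0) {
        return $fallback;
    }
    return $path . (isset($parts['query']) ? '?' . $parts['query'] : '');
}

// Constructed sample Referer values.
$samples = array(
    'https://www.example.com/account/orders?page=2', // same site: kept as a path
    'https://www.example.com.attacker.test/login',   // look-alike host: fallback
    'https://www.example.com@attacker.test/',        // userinfo trick: fallback
    '//attacker.test/x',                             // no scheme: fallback
    '',                                              // header absent: fallback
);
foreach ($samples as $referer) {
    printf("%-48s => %s\n", var_export($referer, true),
        safeRedirectTarget($referer, 'www.example.com'));
}
```

In `executeSecure()`, the value returned by such a helper would be passed to `$this->redirect()` in place of the raw `secure_referer` attribute. The trusted host should come from application configuration rather than from the request's Host header.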