Endless redirect loop in security exception
Question

When refreshing a page with restricted access after a session time-out, an endless redirect loop is started through the security exception handler. The handler looks like below.

When it occurs, it has followed the path down to the Common\Login (checked with LogMessage).

The error log shows many times "SalesSupport role required" (from the page that is refreshed that needs this role), after which it stops with "Too many redirects".

It only happens after a session time-out. When you try to access a restricted URL when not logged in, you are redirected to the login page as it should.

What is happening?


Hi Rogier,

I found the same issue in one of my apps, but I still wasn't able to identify why. Do you have any update about what could be causing this problem?


Cheers,

António Pereira

Update:

I want to add the possibility that it is not a loop but a burst of security exceptions caused by the single refresh of the page, because the "SalesSupport role required" errors are all a bit different. Every security exception is then handled separately, causing several redirects at the same time, after which the web server gives up and redirects to an ugly error page.

I got a similar situation and I think it is related.

I have a mobile app (PWA) that I can't log in to anymore when I'm a new user. I also get the error page with the "too many redirects" notification, but in the network log of the browser I don't see any navigation except the first one.

I added some console logs to the OnException Action to see what is happening. It looks like this:

ConsoleLog_Security logs: "Security Exception: " + SecurityException.ExceptionMessage
ConsoleLog_RedirectInvalidPermissions logs: "Redirect to Invalid Permissions"
ConsoleLog_RedirectLogin logs: "Redirect to Login"

The console log looks like this (with preserve log on, otherwise this is not visible):

So it looks like a redirect takes place to the Login screen, but I don't see that happening in the network log. Also, the login screen is reachable by anonymous and there are no widgets or actions used on LayoutBlank that have any role requirement.

Currently I have no solution.

Edit: I'm using OutSystems UI version 2.6.12. It is not the latest, so I will update it to see if this solves the problem.

There is also nothing in the OnApplicationReady or OnApplicationResume that could cause this (I disabled all elements in the actions).

Still need to update OutSystems UI, but this is not so easy to do at the moment.

Solved! (but now I think it is no longer related to the original question)

The anonymous role was disabled on the Splash screen. Enabling this role solved my issue.

Facing the same issue in my application, but I am handling the issue on the login page. If I find the user already logged in, then I redirect to the landing page or destination page.

But after enabling the anonymous roles it's working.
