Skip to Main Content
Forums

APEX

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

ERR_TOO_MANY_REDIRECTS in Apex login for http and not for https

GeertDePaepFeb 10 2019

Hi all,

I have had this ERR_TOO_MANY_REDIRECTS error before why opening an Apex login page, but I never knew where it came from or how to solve it (which scraed me). Now I think I figured out where it comes from, and I want to share it in this Apex forum, in case someone else encounters it as well.

A put all the technical details in the following blog post:

https://geertdepaep.wordpress.com/2019/02/10/err_too_many_redirects-in-apex-login-for-http-and-not-for-https/

In summary, this error occurs when you have accessed your Apex application via https, and then later via http (this is not a discussion about why you would want to do this, but some people may have some reason to do so, e.g. in case of ssl issues and you need an urgent fallback to non-ssl). Both access methods (http and https) use the same cookie name to identify your session. However the https connection sets the cookie with the 'secure' flag, which makes it unusable for the http connection. Hence, the http connection can never create a valid session, comes in a redirect loop and finally the browser terminates it with ERR_TOO_MANY_REDIRECTS.

I'll repeat the questions I have about this:

To the apex developers: do you consider this as well as a bug, and in that case can you use a different name for the cookie in case of an http vs https connection? That would solve the problem. Or do you have an option to clear the ‘secure’ flag in the cookie when using http?

Other questions, to everyone:

  • Do you know of a (supported) way to avoid this, I mean any setting in Apex or so I overlooked?
  • What would be the easiest way to clear the secure flag in the cookie, if you would need to do so? Manually removing the cookie from the browser is somewhat difficult and I think many people (end users) would not know how to do this.
  • Do you know of a way to better handle this error? E.g. do you know if you can have Apache redirect to some error page in case of ERR_TOO_MANY_REDIRECTS, or even better, to a page where you have a button to clear the cookie?

Anyway, I hope this gives you a good insight in the problem, and I hope that you no longer see this as a "mysterious" error that "suddenly" occurs.

Regards,

Geert
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Mar 19 2025
Added on Feb 10 2019
#apex-discussions, #login
2 comments
1,567 views