Home » Php » php – Debugging a Browser Redirect Loop

php – Debugging a Browser Redirect Loop

Posted by: admin July 12, 2020 Leave a comment


I am using CakePHP with the Auth and ACL components. My page loads fine for non-registered users, but if I try to log in as a registered user I get an infinite redirect loop in the browser.

I am sure that this is some sort of permissions problem, but the problem exists even for users who have permissions for everything. The only way to prevent this behavior is to allow ‘*’ in my AppController’s beforeFilter method.

What is the best way to debug this sort of problem?


How to&Answers:

For debugging purposes, try inserting this first thing in your AppController::beforeFilter():

$this->log("Here: {$this->here}, coming from: " . $this->referer(), LOG_DEBUG);

This will write to the log in /app/tmp/logs/debug.log. You could also combine this with overriding the redirect method in the AppController:

function redirect($url, $status = null, $exit = true) {
    $trace = debug_backtrace();
    $this->log("Redirecting to: " . Router::url($url) . ", initiated in {$trace[1]['file']} on line {$trace[1]['line']}", LOG_DEBUG);
    parent::redirect($url, $status, $exit);


Also ensure that you check over the settings of your Auth component in your app_controller are setup correctly.


I tend to explicitly define them all. Maybe check over something like this, http://www.webdevelopment2.com/cakephp-auth-component-tutorial-1/ Just to be certain it’s all setup correctly.

The other thing that I found is occasionally, beforeFilter() can sometimes knockout the setup of Auth in your app_controller, so maybe try in your controllers having


To ensure that your app_controller’s beforeFilter() is being executed.


The first thing I would check is the login method of the Users controller. If implemented correctly, you will typically route all un verified/authorized traffic to the login controller. However, if you have not given permission to the public, it will most likely result in an infinite loop. So check the app_controller (or wherever you are storing the Auth/ACL permissions) and make sure that Users.login is publicly accessible.