Fixed Redirect Loop caused by 2FA login edge-case

Steffen

Affected version
2.2.16 and 2.3.0 RC4
How to reproduce:

  1. Enable 2FA in your XenForo account if not already done
  2. Log out from XenForo
  3. Open https://xenforo.com/community/register/
  4. Click on the "Log in" button in the header (this makes the login dialog appear on the register page whose URL remains the same)
  5. Log in with your username + password
  6. Complete the 2FA challenge

What happens next is an infinite redirect loop from https://xenforo.com/community/register/ to https://xenforo.com/community/login/two-step?_xfRedirect=https%3A%2F%2Fxenforo.com%2Fcommunity%2Fregister%2F&remember=1 and back again. Depending on your browser and server it will probably be terminated at some point by an "ERR_TOO_MANY_REDIRECTS" browser error, an "HTTP 429 Too Many Requests" server error or something similar.
 
Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.3.0 RC 5).

Change log:
Avoid redirect loop when logging in from the registration page
There may be a delay before changes are rolled out to the XenForo Community.
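
The loop in this report comes from the post-login redirect target being the guest-only registration page. The thread does not show how XenForo fixed it; the following is an added example, not XenForo's code, of one general guard: validate the `_xfRedirect`-style target after the 2FA step and fall back to the forum index when it is off-origin or points at a guest-only route. The function name, the `GUEST_ONLY` list and the choice of fallback are assumptions made for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Assumed deployment values, taken from the URLs in the report above.
BASE = "https://xenforo.com/community/"
# Assumed list of routes that only make sense for guests. Sending a user
# who has just logged in to one of them bounces them straight back out.
GUEST_ONLY = ("register", "login")


def post_login_redirect(target, base=BASE):
    """Return the URL to send the user to once the 2FA step has passed."""
    if not target:
        return base
    b, t = urlsplit(base), urlsplit(target)
    # Only absolute URLs on our own origin are accepted; this also closes
    # the open-redirect hole that redirect parameters tend to create.
    if (t.scheme, t.netloc) != (b.scheme, b.netloc):
        return base
    # Normalise first so "/./register" or "%72egister" cannot slip past.
    path = posixpath.normpath(unquote(t.path))
    root = b.path.rstrip("/")
    if path != root and not path.startswith(root + "/"):
        return base
    # First path segment below the forum root identifies the route.
    route = path[len(root):].strip("/")
    if route.split("/", 1)[0].lower() in GUEST_ONLY:
        return base
    return target


if __name__ == "__main__":
    # Constructed sample targets, modelled on the URLs in the report.
    for url in (
        "https://xenforo.com/community/register/",
        "https://xenforo.com/community/login/two-step?remember=1",
        "https://xenforo.com/community/threads/example.1/",
        "https://evil.example/community/",
    ):
        print(url, "->", post_login_redirect(url))
```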
 