Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: "Require all granted" can also trigger Looping

...

Only give up on the cookieProps change as a last resort. I'm not aware of any situations in which one of the above mechanisms won't work, and the additional protection of limiting the cookie to SSL is substantial. It's only omitted by default because so many people end up with loops and complain to the support list.

Requests bouncing without scheme change

If Apache 2.4 is involved, check the Apache Virtual Host. If the protected <Directory> or <Location> has a

  • Require all granted

directive, remove it and restart Apache.