Redirection Error

I am using cakephp version 4. When I try to load my project, I get the error: This page isn’t working. localhost redirected you too many times ERR_TOO_MANY_REDIRECTS. So I googled the problem and found some debugging code. The site I found said to put the following in AppController:

public function redirect($url) { 
	die; }

When I paste in the code and refresh my browser, I get the error:

Fatal error: Declaration of App\Controller\AppController::redirect($url) must be compatible with Cake\Controller\Controller::redirect($url, int $status = 302): ?Cake\Http\Response in C:\xampp\htdocs\momp\src\Controller\AppController.php on line 31

line 31 is: class AppController extends Controller

I changed the function parameters to public function redirect($url, int $status = 302) but I got the same error.

The : ?Cake\Http\Response is part of the function declaration; it’s specifying that the return type of the function will be a Response object (or possibly null, indicated by the “?”).

But the “too many redirects” is usually a result of the login page not being excluded from authentication, so it redirects to the login page, which redirects to the login page, etc.

This is what I have in my UsersController. I baked it so it should be correct.

public function login()
    $this->request->allowMethod(['get', 'post']);
    $result = $this->Authentication->getResult();
    // regardless of POST or GET, redirect if user is logged in
    if ($result->isValid()) {
        // redirect to /mealplans after login success
        $redirect = $this->request->getQuery('redirect', [
            'controller' => 'Mealplans',
            'action' => 'index',

        return $this->redirect($redirect);
    // display error if user submitted and authentication failed
    if ($this->request->is('post') && !$result->isValid()) {
        $this->Flash->error(__('Invalid email or password'));

you need to add the following your userscontroller:

public function beforeFilter(\Cake\Event\EventInterface $event)
// Configure the login action to not require authentication, preventing
// the infinite redirect loop issue

see CMS Tutorial - Authentication - 4.x

Thanks, dirk. I had that in my UsersController already. I tried baking UsersController again but it didn’t create a login or logout method. I wonder why that is.

I don’t have password_confirm encrypted in my database. Could this be a problem?

The authentication plugin will be expecting that the password in the database is hashed (not encrypted). If it’s not, it won’t let you log in.

baking does not generate the login, logout or register action. You should have noticed that, when you first baked the userscontroller.

only you know which steps you followed to get the login action in your controller, so you have to check against the tutorial what is done and what is missing. CMS Tutorial - Authentication - 4.x

what is the function of your field passwordconfirm?

When the user registers for an account, he’s asked to confirm his password.

i think there is no need for this database field.
here is a short description of how password hashing works in cakephp 3 and cakephp 4 and a solution to your problem.

When I comment out the lines of code in my login method in UsersController, the page loads with no problem so something is wrong with my login method. I got the code for the method from the cakephp 4 tutorial.

I’m stepping through the login method now and uncommenting it out line by line.

When I uncomment return $this->redirect($redirect); it displays ERR_TOO_MANY_REDIRECTS again so that’s the line of code that is guilty.

I tried removing the controller and action from the redirect but it still didn’t speed up the page load.

what is the output when you put these two lines before the redirect ?

debug ($this->request->getAttribute(‘authentication’));

object(Authentication\AuthenticationService) id:0 {protected _authenticators => object(Authentication\Authenticator\AuthenticatorCollection) id:1 { }protected _identifiers => object(Authentication\Identifier\IdentifierCollection) id: 2 {}protected _successfulAuthenticator => object(Authentication\Authenticator\SessionAuthenticator) id: 4 {}protected _result => object(Authentication\Authenticator\Result) id:6 { }protected _defaultConfig => [ ]protected _config => [ ]protected _configInitialized => true}

I tried: return $this->redirect($this->referer()); and I still got the redirection error.