How to Fix Authelia Redirect Loop Error

DodaTech Updated 2026-06-24 2 min read

This tutorial shows how to fix the Authelia redirect loop error, with configuration examples and prevention tips.

Users experience an infinite redirect loop when accessing protected resources — the browser bounces between Authelia and the application without ever loading the content.

The Problem

Browser shows: Too many redirects
The request goes in an infinite loop:
app.example.com → auth.example.com → app.example.com → auth.example.com ...

Step-by-Step Fix

Step 1: Check Authelia domain configuration

# /etc/authelia/configuration.yml
host: 0.0.0.0
port: 9091

# Domain settings
default_redirection_url: https://app.example.com

session:
  domain: example.com  # Must match cookie domain, not app subdomain
  same_site: lax

Step 2: Verify proxy configuration

# Nginx example
server {
    listen 443 ssl;
    server_name app.example.com;

    location / {
        # Ask Authelia to authorize each request before it is proxied
        auth_request /auth/verify;
        # Pass any Set-Cookie issued by Authelia back to the browser
        auth_request_set $auth_cookie $upstream_http_set_cookie;
        add_header Set-Cookie $auth_cookie;

        proxy_pass http://backend:3000;
    }

    # Internal subrequest target: headers only, no request body
    location = /auth/verify {
        internal;
        proxy_pass http://127.0.0.1:9091/api/verify;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_set_header X-Forwarded-Method $request_method;
    }

    # Authelia itself, reachable through this server
    location /authelia {
        proxy_pass http://127.0.0.1:9091;
    }
}

Step 3: Set the correct session domain

session:
  domain: example.com
  # NOT: app.example.com, NOT: .example.com (wrong)

Step 4: Check the session cookie settings

session:
  name: authelia_session
  same_site: lax  # Use lax, not strict
  expiration: 3600
  inactivity: 300

Step 5: Clear browser cookies and test

# Clear cookies for *.example.com
# Then test navigation
curl -v https://app.example.com/

Prevention Tips

  • Set session.domain to the parent domain (e.g., example.com), not a subdomain
  • Use same_site: lax for the session cookie
  • Ensure default_redirection_url matches the application URL
  • Test with browser DevTools to trace the redirect chain

FAQ

Why does Authelia keep redirecting to the login page?

The session cookie is not being set or is invalid. Check that the session.domain matches the parent domain of both Authelia and the protected application. Clear all cookies for the domain and re-authenticate.

What is the correct session domain for Authelia?

If Authelia is at auth.example.com and apps are at app.example.com and admin.example.com, set session.domain: example.com. The cookie is shared across all subdomains.
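The rule in this answer can be checked before deploying. The following is an added example, not Authelia's code and not part of the original guide: it applies the RFC 6265 domain-match rule to a candidate session.domain and lists the hosts that would never receive the session cookie. The function names and the PORTAL/APPS sample values are assumptions built from the guide's example.com layout.

```python
from urllib.parse import urlsplit

def domain_match(cookie_domain, host):
    """RFC 6265 domain-match: host equals the cookie domain or is a subdomain of it."""
    cookie_domain, host = cookie_domain.lower(), host.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)

def common_parent(hosts):
    """Longest label suffix shared by all hosts, or None if fewer than two labels match.
    Heuristic only: it does not consult the public suffix list (e.g. co.uk)."""
    split = [h.lower().split(".")[::-1] for h in hosts]
    shared = []
    for labels in zip(*split):
        if len(set(labels)) != 1:
            break
        shared.append(labels[0])
    return ".".join(reversed(shared)) if len(shared) >= 2 else None

def check_session_domain(session_domain, portal_url, app_urls):
    """Return findings for a session.domain value; an empty list means every host gets the cookie."""
    portal = urlsplit(portal_url).hostname
    apps = [urlsplit(u).hostname for u in app_urls]
    findings = []
    if session_domain.startswith("."):
        findings.append("leading dot: this guide says to write the bare parent domain")
        session_domain = session_domain.lstrip(".")
    # Browsers discard a Set-Cookie whose Domain does not cover the responding host.
    if not domain_match(session_domain, portal):
        findings.append(f"{portal} cannot set a cookie for {session_domain}")
    for host in apps:
        # A host outside the cookie domain never sees the session, so each
        # request looks unauthenticated and is redirected to the portal again.
        if not domain_match(session_domain, host):
            findings.append(f"{host} is outside {session_domain}: cookie not sent")
    if findings:
        findings.append(f"suggested session.domain: {common_parent([portal, *apps])}")
    return findings

# Constructed sample hosts, taken from the guide's example.com layout.
PORTAL = "https://auth.example.com"
APPS = ["https://app.example.com/", "https://admin.example.com/"]

if __name__ == "__main__":
    for candidate in ("example.com", "app.example.com", ".example.com"):
        print(candidate, "->", check_session_domain(candidate, PORTAL, APPS) or "ok")
```
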

How do I debug Authelia redirect loops?

Enable verbose logging: log_level: debug in configuration.yml. Check the Authelia logs for session verification failures. Use browser DevTools (Network tab) to trace the redirect chain and identify where the loop occurs.
