I'm getting a redirect loop on a Drupal 7 install. Whenever a non-admin user logs in, the site will enter a redirect loop on the user profile URL; for example, http://example.com/?q=user/testuser.
This URL is accessible with no issues by the superuser account, and attempting to access this URL while logged out returns a 403 Access Denied as expected.
When logged in as a non-admin user, attempting to access any URL at all will redirect to the user profile page, which will then redirect onto itself, causing the redirect loop to start anew.
I have found that if I give a specific user the "administrator" role, the redirect loop will cease for that user, and the page will no longer try to redirect to user/%username on login.
I have also found that if I give users the "administer users" permission that the redirect loop will cease, but will still redirect the user to user/%username on login.
Obviously neither of these solutions are possible as giving regular users administrator roles or the ability to administer users is a huge security risk.
Does anyone know of a fix for this, or a way to get around this with an override related to user role?
Installed modules: Block, Color, Comment, Contextual links, Dashboard, Database logging, Field, Field SQL storage, Field UI, File, Filter, Help, Image, List, Menu, Node, Number, Options, Overlay, Path, RDF, Search, Shortcut, System, Taxonomy, Text, Toolbar, Update manager, User, Chaos tools (7.x-1.0-alpha4), Page manager, Devel, Theme Developer, Fieldgroup, IMCE, Pathauto, Token, Taxonomy Menu, IMCE Wysiwyg API bridge, Wysiwyg, Webform, and several custom modules which i) provide blocks 2) provide custom pages and 3) modify the default search behaviour (splits search results by node type). None of my custom modules ever interface with the user management system, permissions system or use any of the functions provided by the user module.
I had an identical problem... spurred on by the fact I wasn't the only one faced with this issue I dug around a bit more. It was your update that gave it away - the Custom Theme.
I'm sure this could be caused by lots of different factors, but in my case and potentially yours, it was my template.php that was at fault.
I was using a custom MYTHEME_preprocess_page() to make some custom variables available in my templates. One of the variables was obviously a bit funky because when i removed it the problem disappeared. Turns out it was some left over code from when I was trying to get the user registration form into the page. It never worked and I forgot to remove it!
Hope this helps someone out there get back on track.