We just ran into this error on one of our applications after upgrading to 4.2 where we kept getting the same "redirect loop" error. The app used a No authentication (using DAD) authentication scheme. We allow HTTP access and the secure attribute under Session Cookie Attributes was set to Yes. Once we changed it to No the error went away. We're not sure if it was set different in 4.1 or if 4.2 just behaves different. This post got us in the ballpark so thought I'd pass this along in case some else encountered the save issue.