Show error message after logging in but cookies are not enabled, prevent infinite redirect loop

Created on 5 November 2019, over 5 years ago
Updated 26 March 2025, 29 days ago

One of our users experienced an infinite redirect loop recently, and I suspect it was because they had cookies disabled for the site.

Scenario:

  1. User has cookies disabled for the Drupal site, but cookies enabled for the CAS server
  2. User visits a page on Drupal site which forces anonymous users to authenticate (either by enabling forced login for that page, or having access restricted to anonymous users and r4032login module enabled)
  3. User is redirected to CAS server to log in
  4. CAS server authenticates user and returns them to the CAS service controller on Drupal site
  5. Drupal site logs them in by validating the CAS ticket the server provided, and then redirects them back to the page they were on
  6. Because the session cookie was not saved, the Drupal site thinks they are logged out still, and starts the whole process over again at step 2

The user agent of the browser that was stuck in this loop was Chrome 70 on Android Lollipop (which is from 2014). For whatever reason, the browser did not prevent the redirect loop. When I tested this scenario on Chrome desktop on Mac, Chrome stopped the loop.

Note that core has a similar problem where users receive no message that cookies are required when they try to log in and nothing happens: "Login fails and no warning is issued if cookies are not enabled" (Fixed). It was created in 2003!!!

🐛 Bug report
Status

Active

Version

3.0

Component

CAS

Created by

🇺🇸 United States bkosborne New Jersey, USA
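
The scenario above and one way to stop the loop, as a small model added here for illustration (it is not code from the CAS module or from Drupal). The `cookie_check` marker, the paths and all function names are hypothetical; the idea is that the redirect back from the service controller carries a marker, so a request that arrives with the marker but without a session cookie gets an error page instead of another trip to the CAS server.

```python
PROBE = "cookie_check"  # hypothetical marker parameter, not a real CAS module option
MAX_HOPS = 12           # simulation cap standing in for a browser's redirect limit


def drupal(path, params, cookies, sessions, guard):
    """Model of the Drupal site: returns (status, next_hop_or_body, set_cookie)."""
    if path == "/casservice":                    # step 5: ticket validated, session created
        sid = "sess-%d" % (len(sessions) + 1)
        sessions.add(sid)
        back = {PROBE: "1"} if guard else {}
        return 302, ("drupal", params["destination"], back), sid
    if cookies.get("SESS") in sessions:          # the session cookie came back
        return 200, "protected page", None
    if guard and PROBE in params:                # just logged in, yet no cookie
        return 403, "Cookies must be enabled to log in.", None
    return 302, ("cas", "/login", {"destination": path}), None  # steps 2 and 3


def cas(params):
    """Model of the CAS server: its own cookies work, so it always issues a ticket."""
    return ("drupal", "/casservice",
            {"ticket": "ST-constructed", "destination": params["destination"]})


def visit(path, accepts_site_cookies, guard):
    """Follow redirects like a browser would; returns (outcome, hops)."""
    cookies, sessions = {}, set()
    hop = ("drupal", path, {})
    for hops in range(1, MAX_HOPS + 1):
        host, target, params = hop
        if host == "cas":                        # step 4: back to the service controller
            hop = cas(params)
            continue
        status, result, set_cookie = drupal(target, params, cookies, sessions, guard)
        if set_cookie and accepts_site_cookies:  # a cookie-less browser drops Set-Cookie
            cookies["SESS"] = set_cookie
        if status != 302:
            return (status, result), hops
        hop = result
    return ("loop", None), MAX_HOPS


if __name__ == "__main__":
    for accepts, guard in [(True, False), (False, False), (False, True)]:
        print("cookies=%s guard=%s ->" % (accepts, guard), visit("/members", accepts, guard))
```

Without the guard, the cookie-less run also creates a new server-side session on every pass through the service controller, so the loop costs the site as well as the user.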
