diff --git a/src/openforms/conf/base.py b/src/openforms/conf/base.py
index c4df44f7b9..8a98350e21 100644
--- a/src/openforms/conf/base.py
+++ b/src/openforms/conf/base.py
@@ -266,7 +266,7 @@
 "openforms.translations.middleware.AdminLocaleMiddleware",
 "hijack.middleware.HijackUserMiddleware",
 "openforms.middleware.SessionTimeoutMiddleware",
- "mozilla_django_oidc_db.middleware.SessionRefresh",
+ "openforms.utils.middleware.SessionRefresh",
 "maykin_2fa.middleware.OTPMiddleware",
 "django.contrib.messages.middleware.MessageMiddleware",
 "django.middleware.clickjacking.XFrameOptionsMiddleware",
diff --git a/src/openforms/utils/middleware.py b/src/openforms/utils/middleware.py
index 1a2e6eb150..e5d3f80463 100644
--- a/src/openforms/utils/middleware.py
+++ b/src/openforms/utils/middleware.py
@@ -1,3 +1,8 @@
+from django.urls import reverse
+from django.utils.functional import cached_property
+
+from mozilla_django_oidc_db.middleware import SessionRefresh as _SessionRefresh
+
 from openforms.config.models import CSPSetting
@@ -60,3 +65,24 @@ def _append_dict_list_values(target, source):
 target[k] = [v]
 else:
 target[k] = list(set(v))
+
+
+class SessionRefresh(_SessionRefresh):
+
+ @cached_property
+ def exempt_urls(self):
+ """
+ Issue: https://github.com/open-formulieren/open-forms/issues/4435
+
+ Make sure the legacy OIDC URLs are also exempt from session refresh to avoid
+ infinite redirects
+ """
+ extra = {
+ reverse(name)
+ for name in [
+ "legacy_oidc:oidc_authentication_init",
+ "legacy_oidc:oidc_authentication_callback",
+ "legacy_oidc:oidc_logout",
+ ]
+ }
+ return super().exempt_urls | extra
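Review bot: The new `exempt_urls` override in `src/openforms/utils/middleware.py` calls `reverse()` on the three `legacy_oidc:*` names unconditionally. If the `legacy_oidc` namespace is ever missing from the URL conf (not visible in this diff), the property would raise `NoReverseMatch` on first access in the request path rather than at startup. The final `super().exempt_urls | extra` also assumes the parent property returns a set, which is worth stating in the docstring, e.g. `Returns the parent's set of exempt paths extended with the legacy OIDC init/callback/logout paths.` Because every path in this set skips the session-refresh check, I would add a comment above the list such as `# Keep this limited to the OIDC init/callback/logout endpoints: exempt paths bypass session refresh.` I would also add a regression test asserting that each legacy path is in `exempt_urls` and that nothing else was added. The class itself has no docstring, and the blank line after `class SessionRefresh(_SessionRefresh):` can be dropped.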