Getting different values for $_SESSION["FBRLH_state"] and $_GET['state'] on fb callback #529
Comments
This is no doubt related to #470. What browser are you testing this with? And what is the server configuration? |
@SammyK I'm using Firefox and I'm running PhalconPHP framework on Apache2/Ubuntu. Now I'm using JavaScript SDK, so I'm not having any problems. |
I spent about 2 hours on Friday step-debugging this issue on Chrome & Safari and everything checked out. So there has to be a specific environment that's throwing this off. I know I heard from several MAMP people that they were having this issue. My version of MAMP is broken since I've used VM's for several years now. I'll try to step debug this on a working version of MAMP if I can replicate the issue, but so far I haven't been able to. :/ |
@SammyK If you want I can try to replicate this issue and send you whatever you want. |
That'd be swell! :) If you can replicate the issue, it'd be great to narrow down which environments cause it. |
I think that I'll try to set up a VPS with this error and make it available for you to access, what do you think @SammyK ? |
That would be great - thanks! :) |
@marcelopiomsf @SammyK Thank you guys for working on this, looking forward to resolving it. (Y) |
@sachintaware No problem. :) |
@marcelopiomsf Please update once the VPS is set. I would like to dive in! :) |
Don't know if this is any help but I'm getting the same issue with facebook/php-sdk-v4 (5.1.1). But when I rollback to facebook/php-sdk-v4 (5.1.0), it works. |
Hi all, please try #537, it's a 2min fix. I hope it will work for you. |
OK, I think I found the cause of the bug. Can you please try to add a |
Nice, @yguedidi ! Tagged 5.1.2 release with this fix. |
I had the same issue, I'm running on homestead virtual box vagrant. I went to my profile settings on Facebook, deleted the app from app settings, then ran the process again and got it to work. I'm trying to replicate the problem, but no luck |
insert this code after $helper = $fb->getRedirectLoginHelper(); $_SESSION['FBRLH_state']=$_GET['state']; |
@zratan : I tried adding $_SESSION['FBRLH_state']=$_GET['state']; after this line $helper = $fb->getRedirectLoginHelper(); I'm still seeing this |
@SammyK : Do you ever have a solution for this? I'm using your |
@bunlongheng What's the exact version of the PHP SDK that you have installed? The latest version (5.3.1) shouldn't require this hack. :) |
I'm not sure, this is what I have in my
Please let me know what I should do to fix this issue. |
Try updating the package: $ composer update sammyk/laravel-facebook-sdk |
So now, after the update, I shouldn't have to comment out this line /Applications/MAMP/htdocs/---/vendor/facebook/php-sdk-v4/src/Facebook/Helpers/FacebookRedirectLoginHelper.php
anymore? I'll try it again now to see if I can reproduce it. |
Yes, please don't disable CSRF protection. :) |
I'm still facing the same issue, after updating. :( Screenshot I even recorded a video for you as well sign-in via facebook error .mov.zip Please let me know what else I can provide. :) |
In the video it looks like you're using the PHP SDK v5.2.0 which has this bug in it. Did you run |
I tried
I tried
I'm really not sure what else to check now. |
Try to dump your session storage, check which value of the state param is in it, it must match the one commit from |
@ImFireblade Could you share what you used to get this fixed? I am facing the same problem. |
Hey Guys,
I'm developing my website ---- and I'm having an issue with my Facebook callback page. I'm getting this error: Facebook SDK returned an error: Cross-site request forgery validation failed. The "state" param from the URL and session do not match..
I was reading the Facebook PHP SDK and I found that when you call $fb->getRedirectLoginHelper() a new value for $_SESSION["FBRLH_state"] will be assigned, so when I call it again on my callback (because I need to get the accessToken), an error will happen because ($_SESSION["FBRLH_state"] != $_GET['state']);
https://github.com/facebook/facebook-php-sdk-v4/blob/master/src/Facebook/Helpers/FacebookRedirectLoginHelper.php
Index page:
Callback page:
return from echo:
Anyone know why this is happening? I just followed https://developers.facebook.com/docs/php/howto/example_facebook_login/5.0.0
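
The state check discussed in this thread, as an added example that is not part of the original posts and is not the SDK's own code. It models the session and query string as plain arrays; the function names are hypothetical, and only the 'FBRLH_state' session key and the 'state' URL parameter come from the thread.

```php
<?php
// Added illustration, not Facebook SDK code. issueState() and validateState()
// are hypothetical names; sessions and query strings are modelled as arrays.

// Login page: mint a random one-time state and keep it server-side.
function issueState(array &$session): string
{
    $state = bin2hex(random_bytes(16));
    $session['FBRLH_state'] = $state;
    return $state; // travels to the provider as the "state" URL parameter
}

// Callback page: the state echoed back in the URL must equal the stored one.
function validateState(array &$session, array $query): bool
{
    $saved = $session['FBRLH_state'] ?? null;
    $given = $query['state'] ?? null;
    unset($session['FBRLH_state']); // single use
    return is_string($saved) && is_string($given) && hash_equals($saved, $given);
}

// Case 1: the same session is visible on both pages, so the values match.
$session = [];
$state = issueState($session);
echo 'same session:  ';
var_dump(validateState($session, ['state' => $state]));

// Case 2: the callback sees a different (here: empty) session than the login
// page wrote to. The URL value is genuine, but there is nothing to compare it
// with, which produces the "do not match" error reported above.
$callbackSession = []; // constructed: session as seen by the callback
echo 'lost session:  ';
var_dump(validateState($callbackSession, ['state' => $state]));

// Case 3: the workaround suggested in the thread. Copying the URL value into
// the session before validating makes the comparison succeed for any value,
// including one the site never issued, so the check no longer protects anything.
$unissued = ['state' => 'not-issued-by-this-site']; // constructed value
$callbackSession['FBRLH_state'] = $unissued['state'];
echo 'with the hack: ';
var_dump(validateState($callbackSession, $unissued));
```

When case 2 is what you observe, compare the session ID and the stored 'FBRLH_state' on the login page and on the callback page before touching the validation itself.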