Getting different values for $_SESSION["FBRLH_state"] and $_GET['state'] on fb callback #529

Closed
marcelopiomsf opened this Issue Oct 30, 2015 · 29 comments

marcelopiomsf commented Oct 30, 2015

Hey Guys,

I'm developing my website ---- and I'm having an issue with my Facebook callback page. I'm getting this error: Facebook SDK returned an error: Cross-site request forgery validation failed. The "state" param from the URL and session do not match..

I was reading the Facebook PHP SDK and I found that when you call $fb->getRedirectLoginHelper() a new value for $_SESSION["FBRLH_state"] will be assigned, so when I call it again on my callback (because I need to get the accessToken), an error will happen because ($_SESSION["FBRLH_state"] != $_GET['state']);

https://github.com/facebook/facebook-php-sdk-v4/blob/master/src/Facebook/Helpers/FacebookRedirectLoginHelper.php

public function __construct(OAuth2Client $oAuth2Client, PersistentDataInterface $persistentDataHandler = null, UrlDetectionInterface $urlHandler = null, PseudoRandomStringGeneratorInterface $prsg = null)
{
    $this->oAuth2Client = $oAuth2Client;
    $this->persistentDataHandler = $persistentDataHandler ?: new FacebookSessionPersistentDataHandler();
    $this->urlDetectionHandler = $urlHandler ?: new FacebookUrlDetectionHandler();
    $this->pseudoRandomStringGenerator = PseudoRandomStringGeneratorFactory::createPseudoRandomStringGenerator($prsg);
}

Index page:

$fb = $this->facebook;
$helper = $fb->getRedirectLoginHelper();
$permissions = ['email','public_profile','user_friends'];
$loginUrl = $helper->getLoginUrl('https://fleacollege.com/login/facebook', $permissions);

//passing url from controller to view :
$this->view->facebookURL = $loginUrl;

Callback page:

$fb = $this->facebook;
$helper = $fb->getRedirectLoginHelper();

try {
    $accessToken = $helper->getAccessToken();
} catch(Facebook\Exceptions\FacebookResponseException $e) {
    // When Graph returns an error
    echo 'Graph returned an error: ' . $e->getMessage();
    exit;
} catch(Facebook\Exceptions\FacebookSDKException $e) {
    // When validation fails or other local issues
    echo 'Facebook SDK returned an error: ' . $e->getMessage() . "</br>";
    exit;
}

$accessToken = $helper->getAccessToken();
echo $_SESSION["FBRLH_state"] . "</br>";
echo $_GET['state'];

return from echo:

e7fca1bfcb37fe3262468c068b72a3de
e0eec1b15428c9429846d2b41753473f

Anyone know why this is happening? I just followed https://developers.facebook.com/docs/php/howto/example_facebook_login/5.0.0

Collaborator

SammyK commented Oct 30, 2015

This is no doubt related to #470.

What browser are you testing this with? And what is the server configuration?

marcelopiomsf commented Oct 31, 2015

@SammyK I'm using Firefox and I'm running PhalconPHP framework on Apache2/Ubuntu.

Now I'm using JavaScript SDK, so I'm not having any problems.

Collaborator

SammyK commented Nov 3, 2015

I spent about 2 hours on Friday step-debugging this issue on Chrome & Safari and everything checked out. So there has to be a specific environment that's throwing this off. I know I heard from several MAMP people that they were having this issue. My version of MAMP is broken since I've used VM's for several years now. I'll try to step debug this on a working version of MAMP if I can replicate the issue, but so far I haven't been able to. :/

marcelopiomsf commented Nov 5, 2015

@SammyK If you want I can try to replicate this issue and send you whatever you want.

Collaborator

SammyK commented Nov 5, 2015

That'd be swell! :) If you can replicate the issue, it'd be great to narrow down which environments cause it.

marcelopiomsf commented Nov 5, 2015

I think that I'll try to set up a VPS with this error and make it available for you to access, what do you think @SammyK?

Collaborator

SammyK commented Nov 5, 2015

That would be great - thanks! :)

sachintaware commented Nov 16, 2015

@marcelopiomsf @SammyK Thank you guys for working on this, looking forward to resolving it. (Y)
Cheers

Collaborator

SammyK commented Nov 16, 2015

@sachintaware No problem. :)

sachintaware commented Nov 17, 2015

@marcelopiomsf Please update once the VPS is set. I would like to dive in! :)

ainehickey commented Nov 19, 2015

Don't know if this is any help but I'm getting the same issue with facebook/php-sdk-v4 (5.1.1). But when I rollback to facebook/php-sdk-v4 (5.1.0), it works.

Collaborator

yguedidi commented Nov 19, 2015

Hi all, please try #537, it's a 2min fix. I hope it will work for you.

Collaborator

yguedidi commented Nov 19, 2015

OK, I think I found the cause of the bug. Can you please try to add a session_start() call before everything?

gfosco closed this in f2dfdc1 Nov 19, 2015

Contributor

gfosco commented Nov 19, 2015

Nice, @yguedidi !

Tagged 5.1.2 release with this fix.

GQwebsites commented May 12, 2016

I had the same issue, I'm running on homestead virtual box vagrant. I went to my profile settings on Facebook, deleted the app from app settings, then ran the process again and got it to work. I'm trying to replicate the problem, but no luck

zratan commented Jun 8, 2016

Insert this code after $helper = $fb->getRedirectLoginHelper();

$_SESSION['FBRLH_state']=$_GET['state'];

and it will work, or for more detail visit facebook login apps

bunlongheng commented Oct 6, 2016

@zratan: I tried adding

$_SESSION['FBRLH_state']=$_GET['state'];

after this line

$helper = $fb->getRedirectLoginHelper();

I'm still seeing this

[Screenshot: screen shot 2016-10-06 at 10 44 32 am]

bunlongheng commented Oct 6, 2016

@SammyK: Do you ever have a solution for this? I'm using your "sammyk/laravel-facebook-sdk": "~3.0",

Collaborator

SammyK commented Oct 6, 2016

@bunlongheng What's the exact version of the PHP SDK that you have installed? The latest version (5.3.1) shouldn't require this hack. :)

bunlongheng commented Oct 6, 2016

I'm not sure, this is what I have in my composer.json

"require": {
    "php": ">=5.5.9",
    "laravel/framework": "5.1.*",
    "illuminate/html": "^5.0",
    "laracasts/utilities": "~2.0",
    "barryvdh/laravel-debugbar": "^2.0",
    "sammyk/laravel-facebook-sdk": "~3.0",
    "doctrine/dbal": "^2.5"
},
"require-dev": {
    "fzaninotto/faker": "~1.4",
    "mockery/mockery": "0.9.*",
    "phpunit/phpunit": "~4.0",
    "phpspec/phpspec": "~2.1"
},

Please let me know what I should do to fix this issue.

Collaborator

SammyK commented Oct 6, 2016

Try updating the package:

$ composer update sammyk/laravel-facebook-sdk

bunlongheng commented Oct 6, 2016

So now, after the update, I shouldn't have to comment out this line

/Applications/MAMP/htdocs/---/vendor/facebook/php-sdk-v4/src/Facebook/Helpers/FacebookRedirectLoginHelper.php

//$this->validateCsrf();

any more? I'll try it again now to see if I can reproduce it.

Collaborator

SammyK commented Oct 6, 2016

Yes, please don't disable CSRF protection. :)
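
Why the "state" check matters, and what the `$_SESSION['FBRLH_state']=$_GET['state'];` workaround suggested earlier does to it, as an added example that is not part of the thread and not the SDK's own code. `issueState()` and `stateIsValid()` are hypothetical helpers, and the arrays stand in for `$_SESSION` and `$_GET`:

```php
<?php
// Added example; not code from the Facebook PHP SDK. issueState() and
// stateIsValid() are hypothetical helpers. $session stands in for $_SESSION
// (after session_start()) and $query for $_GET. Requires PHP 7+.

const STATE_KEY = 'FBRLH_state'; // session key named in this issue

// Login page: store an unguessable value server-side and return it so the
// same value can be placed in the login URL's "state" parameter.
function issueState(array &$session): string
{
    $session[STATE_KEY] = bin2hex(random_bytes(16));
    return $session[STATE_KEY];
}

// Callback: accept only when the URL's state equals the value this session
// stored. A missing or empty stored value fails closed.
function stateIsValid(array &$session, array $query): bool
{
    $stored = $session[STATE_KEY] ?? null;
    $given  = $query['state'] ?? null;
    unset($session[STATE_KEY]); // single use
    if (!is_string($stored) || $stored === '' || !is_string($given)) {
        return false;
    }
    return hash_equals($stored, $given); // constant-time comparison
}

// 1. Session persisted between login page and callback: accepted.
$session = [];
$state = issueState($session);
$persisted = stateIsValid($session, ['state' => $state]);

// 2. Session data not available on the callback (for example, the session
//    was never started): nothing is stored, so the callback is rejected.
$emptySession = [];
$lost = stateIsValid($emptySession, ['state' => $state]);

// 3. The workaround copies the URL value into the session before validating.
//    A constructed state that this session never issued is then accepted,
//    so the comparison no longer verifies anything.
$session = [];
issueState($session);
$query = ['state' => 'constructed-value-not-issued-here'];
$withoutWorkaround = stateIsValid($session, $query);
$session[STATE_KEY] = $query['state']; // the workaround
$withWorkaround = stateIsValid($session, $query);

var_dump(compact('persisted', 'lost', 'withoutWorkaround', 'withWorkaround'));
```

Run with `php` on the command line; the four booleans show which callbacks are accepted in each case.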

bunlongheng commented Oct 6, 2016

I'm still facing the same issue, after updating. :(

[Screenshot: screen shot 2016-10-06 at 10 44 32 am]

I even recorded a video for you as well

[Attachment: sign-in via facebook error .mov.zip]

Please let me know what else I can provide. :)

Collaborator

SammyK commented Oct 6, 2016

In the video it looks like you're using the PHP SDK v5.2.0 which has this bug in it. Did you run composer update sammyk/laravel-facebook-sdk? That should get it up-to-date with the latest version of the PHP SDK as well. You can also try composer update facebook/graph-sdk

bunlongheng commented Oct 6, 2016

I tried sudo composer update sammyk/laravel-facebook-sdk I got

Loading composer repositories with package information
Updating dependencies (including require-dev)
Nothing to install or update
Generating autoload files
php artisan clear-compiled
php artisan optimize
Generating optimized class loader

I tried sudo composer update facebook/graph-sdk I also got

Loading composer repositories with package information
Updating dependencies (including require-dev)
Nothing to install or update
Generating autoload files
php artisan clear-compiled
php artisan optimize
Generating optimized class loader

I'm really not sure what else to check now.

ImFireblade commented Jan 11, 2018

I'm having the same problem. I have the latest version and I'm using Lumen.
[Screenshot: cattura]
What should I do?
Thank you.

Collaborator

yguedidi commented Feb 25, 2018

Try to dump your session storage, check which value of the state param is in it, it must match the one coming from $_GET to make things work

puneetthakur66 commented Aug 28, 2018

@ImFireblade Could you share what you used to get this fixed? I am facing the same problem.
