Reset the CSRF so that it does not get reused

src/Facebook/Helpers/FacebookRedirectLoginHelper.php

@@ -219,6 +219,7 @@ public function getAccessToken($redirectUrl = null)
         }
 
         $this->validateCsrf();
+        $this->resetCsrf();
 
         $redirectUrl = $redirectUrl ?: $this->urlDetectionHandler->getCurrentUrl();
         // At minimum we need to remove the state param
@@ -250,6 +251,14 @@ protected function validateCsrf()
         throw new FacebookSDKException('Cross-site request forgery validation failed. The "state" param from the URL and session do not match.');
     }
 
+    /**
+     * Resets the CSRF so that it doesn't get reused.
+     */
+    private function resetCsrf()
+    {
+        $this->persistentDataHandler->set('state', null);
+    }
+
     /**
      * Return the code.
      *