Member Avatar for James_43

Hi all,

Problems trying to login with Facebook on a website. The issue is that it works for me, but when I add other tests in the App settings, it doesn't work for them, they are getting the error: Facebook SDK returned an error: Cross-site request forgery validation failed. The "state" param from the URL and session do not match.

But this is not TRUE! My session data is:

Array
(
    [FBRLH_state] => 31ac6aa90aa1a7e4eaf18f5103a29bad
)

And the URL: https://www.facebook.com/v2.5/dialog/oauth?client_id=134812913531966&state=31ac6aa90aa1a7e4eaf18f5103a29bad&response_type=code&sdk=php-sdk-5.1.2&redirect_uri=http%3A%2F%2Fvicdeals.co.nz%2Ffb-callback.php&scope=email%2Cpublic_profile%2Cuser_location%2Cuser_education_history3

Note that the STATE is the same for both. So the error message is surely false.

I am setting my sessions at the top of all scripts:

if(!session_id()) {
    session_start();
}

And like I said, this works absolutely fine for me, but not for any other user.... Any idea?!

  • 1 Contributor
  • 1 Reply
  • 369 Views
  • 15 Minutes Discussion Span
  • Latest Post Latest Post by James_43
Member Avatar for James_43

An update, but a disturbing one, I have temporaily fixed the issue by setting the Session data based upon the $_GET['state'] parameter in my callback.php ... But surely it is not supposed to work like this?

$helper = $fb->getRedirectLoginHelper();

$_SESSION['FBRLH_state'] = $_GET['state'];
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.