I still facing Cross-site request forgery validation failed. The "state" param from the URL and session do not match

SammyK / LaravelFacebookSdk

Fully unit tested Facebook SDK v5 integration for Laravel & Lumen

MIT License

692 stars 200 forks source link

I still facing Cross-site request forgery validation failed. The "state" param from the URL and session do not match #120

Closed youyi1314 closed 8 years ago

youyi1314 commented 8 years ago

May i know is this sdk fix "Cross-site request forgery validation failed. The "state" param from the URL and session do not match" ? Because i still facing this problem. Any one any solution with this? Thanks

imkevinabraham commented 8 years ago

After a lot of time wasted the way I fixed it was to use a controller for the login/callback instead of placing the code in routes and then had to put use \Session; after the namespace and it started working. Note: Im using laravel 5.1. For 5.2 I just put it in the Route::group(['middleware' => ['web']], function () { } route and it worked.

youyi1314 commented 8 years ago

@imkevinabraham Thanks for reply,

I found my actual problem is my JS keep loading login script. so the key keep changing, but the server keep the first sesion key only.

~Close~

zratan commented 8 years ago

insert this code after $helper = $fb->getRedirectLoginHelper();

 ` $_SESSION['FBRLH_state']=$_GET['state'];`

and it wil work or for more detail visit facebook login apps

fanals commented 7 years ago

I was getting this error in my log file and finally understood it was happening when someone was denying the facebook connect and then hitting browser back button.

I was missing the getRedirectLoginHelper line. Changed the code from

if (!$token) {
  return Redirect::to('/');
}

if (!$token) {
     $helper = $fb->getRedirectLoginHelper();
      if (!$helper->getError())
        abort(403, 'Unauthorized action.');
    return Redirect::to('/');
}

I put it here in case someone has the same problem