I'm getting this error when leaving my browser window open for an extended amount of time, say 3 hours, then trying to log in to my site through Facebook using the Facebook SDK:
Facebook sdk error : Cross-site request forgery validation failed. The “state” param from the URL and session do not match
I'm using Laravel 5.3. If I open a new window and then try to log in, everything works fine.
I know it has something to do with sessions.
I want it so that if that error appears, all a user has to do is refresh the page and then they can log in using Facebook.
The problem is that if a user logs in using Facebook, they get redirected to mysite/facebookcallback, then on refresh it's again mysite/facebookcallback and the same error appears.
I'm assuming that somehow I need to create a new session: in the case where a user leaves their browser window open for, say, 3 hours and then tries to log in using Facebook, a new session gets created, thus avoiding the error. But I only need to do that if the session is old.
The only solution I could think of was to add a route redirect in FacebookRedirectLoginHelper:
```php
protected function validateCsrf()
{
    $state = $this->getState();
    if (!$state) {
        throw new FacebookSDKException('Cross-site request forgery validation failed. Required GET param "state" missing.');
    }
    $savedState = $this->persistentDataHandler->get('state');
    if (!$savedState) {
        throw new FacebookSDKException('Cross-site request forgery validation failed. Required param "state" missing from persistent data.');
    }
    if (\hash_equals($savedState, $state)) {
        return;
    }
    // refresh back to home page if all else fails
    return redirect()->route('home');
    throw new FacebookSDKException('Cross-site request forgery validation failed. The "state" param from the URL and session do not match.');
}
```
I really don't want to mess with the Facebook validateCsrf() function, but I'm not sure what else I can do?
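
An added example, not part of the original post and not the SDK's own code: one way to recover from the stale "state" without editing `validateCsrf()` is to build the login URL when the user clicks rather than when the page renders, and to catch the SDK exception in the callback. The controller name, the route names `facebook.login` and `facebook.callback`, the session key, and the container-bound `Facebook` instance (with a persistent data handler that reads the current session) are assumptions.

```php
<?php
// Added example. Hypothetical names: FacebookLoginController,
// routes 'facebook.login' / 'facebook.callback', session key 'fb_access_token'.
namespace App\Http\Controllers;

use Facebook\Exceptions\FacebookSDKException;
use Facebook\Facebook;
use Illuminate\Support\Facades\Log;

class FacebookLoginController extends Controller
{
    private $fb;

    public function __construct(Facebook $fb)
    {
        // Assumes a configured Facebook instance is bound in the container.
        $this->fb = $fb;
    }

    // The "Log in with Facebook" link points at this route, so the state is
    // generated and stored at click time, in whatever session is live then.
    public function login()
    {
        $helper = $this->fb->getRedirectLoginHelper();
        $url = $helper->getLoginUrl(route('facebook.callback'), ['email']);
        return redirect()->away($url);
    }

    public function callback()
    {
        $helper = $this->fb->getRedirectLoginHelper();
        try {
            $token = $helper->getAccessToken(); // runs validateCsrf() unchanged
        } catch (FacebookSDKException $e) {
            // State missing or mismatched: leave the callback URL so a refresh
            // does not replay the stale request, and let the user start over.
            Log::warning('Facebook login rejected: ' . $e->getMessage());
            return redirect()->route('home')
                ->with('error', 'Login expired, please try again.');
        }
        if ($token === null) {
            // No token and no exception: the user declined the dialog.
            return redirect()->route('home')->with('error', 'Login cancelled.');
        }
        session()->regenerate(); // new session ID after authentication
        session(['fb_access_token' => (string) $token]);
        return redirect()->route('home');
    }
}
```

The CSRF check stays intact: a mismatched state is still rejected, and the user is only sent somewhere a fresh state can be issued.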