0

Hi all,

Problems trying to login with Facebook on a website. The issue is that it works for me, but when I add other tests in the App settings, it doesn't work for them, they are getting the error: Facebook SDK returned an error: Cross-site request forgery validation failed. The "state" param from the URL and session do not match.

But this is not TRUE! My session data is:

Array
(
    [FBRLH_state] => 31ac6aa90aa1a7e4eaf18f5103a29bad
)

And the URL: https://www.facebook.com/v2.5/dialog/oauth?client_id=134812913531966&state=31ac6aa90aa1a7e4eaf18f5103a29bad&response_type=code&sdk=php-sdk-5.1.2&redirect_uri=http%3A%2F%2Fvicdeals.co.nz%2Ffb-callback.php&scope=email%2Cpublic_profile%2Cuser_location%2Cuser_education_history3

Note that the STATE is the same for both. So the error message is surely false.

I am setting my sessions at the top of all scripts:

if(!session_id()) {
    session_start();
}

And like I said, this works absolutely fine for me, but not for any other user.... Any idea?!

1
Contributor
1
Reply
4
Views
1 Year
Discussion Span
Last Post by James_43
0

An update, but a disturbing one, I have temporaily fixed the issue by setting the Session data based upon the $_GET['state'] parameter in my callback.php ... But surely it is not supposed to work like this?

$helper = $fb->getRedirectLoginHelper();

$_SESSION['FBRLH_state'] = $_GET['state'];
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.