Hi all,

Problems trying to login with Facebook on a website. The issue is that it works for me, but when I add other tests in the App settings, it doesn't work for them, they are getting the error: Facebook SDK returned an error: Cross-site request forgery validation failed. The "state" param from the URL and session do not match.

But this is not TRUE! My session data is:

Array
(
    [FBRLH_state] => 31ac6aa90aa1a7e4eaf18f5103a29bad
)

And the URL: https://www.facebook.com/v2.5/dialog/oauth?client_id=134812913531966&state=31ac6aa90aa1a7e4eaf18f5103a29bad&response_type=code&sdk=php-sdk-5.1.2&redirect_uri=http%3A%2F%2Fvicdeals.co.nz%2Ffb-callback.php&scope=email%2Cpublic_profile%2Cuser_location%2Cuser_education_history3

Note that the STATE is the same for both. So the error message is surely false.

I am setting my sessions at the top of all scripts:

if(!session_id()) {
    session_start();
}

And like I said, this works absolutely fine for me, but not for any other user.... Any idea?!

An update, but a disturbing one: I have temporarily fixed the issue by setting the Session data based upon the $_GET['state'] parameter in my callback.php ... But surely it is not supposed to work like this?

$helper = $fb->getRedirectLoginHelper();

$_SESSION['FBRLH_state'] = $_GET['state'];
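
Added example, not part of the original post and not the Facebook SDK's own code: a simplified model of the "state" comparison the error message describes, showing what the check reports when the callback sees a different session and what happens once `$_GET['state']` is copied into the session first. The function names and the arrays standing in for `$_SESSION` and `$_GET` are assumptions for illustration.

```php
<?php
// Simplified model of an OAuth "state" check (assumption: NOT the SDK's implementation).
// $session and $query stand in for $_SESSION and $_GET so this runs from the CLI.

const STATE_KEY = 'FBRLH_state'; // session key name shown in the post

// Login page: create an unguessable state, keep it server-side, and return it
// so it can be placed in the login URL.
function begin_login(array &$session): string
{
    $session[STATE_KEY] = bin2hex(random_bytes(16));
    return $session[STATE_KEY];
}

// Callback: the state in the URL must equal the one stored in the session
// that arrives with *this* request.
function check_state(array $session, array $query): string
{
    $stored = $session[STATE_KEY] ?? null;
    $given  = $query['state'] ?? null;
    if (!is_string($given) || $given === '') {
        return 'missing-in-url';
    }
    if (!is_string($stored) || $stored === '') {
        // The session the callback sees is not the one the login page wrote to.
        return 'missing-in-session';
    }
    return hash_equals($stored, $given) ? 'ok' : 'mismatch';
}

// Case 1: login page and callback share one session.
$session = [];
$state = begin_login($session);
echo "same session:     ", check_state($session, ['state' => $state]), "\n";

// Case 2: the callback request carries a new, empty session.
echo "empty session:    ", check_state([], ['state' => $state]), "\n";

// Case 3: the workaround from the post. The URL value is copied into the
// session before the check, so the comparison is between a value and itself
// and no longer ties the callback to a login this visitor started.
$fresh = [];
$query = ['state' => 'constructed-value-never-issued-by-begin_login'];
$fresh[STATE_KEY] = $query['state'];
echo "after workaround: ", check_state($fresh, $query), "\n";
```

Logging the result of such a check together with `session_id()` on both the login page and the callback shows whether the two requests are using the same session.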