CSRF state token does not match one provided FB PHP SDK 3.1.1 Oauth 2.0

by

I had a similar issue last week, and tracked it down to the state field being overwritten by multiple calls to getLoginUrl(). Each time you call getLoginUrl(), a new state token is generated in the SDK and stored in the $_SESSION (it’s just a random value), so if you call it twice and the user uses the first link to log in, the second call will have reset the SDK’s internal state token, and you will get this error in your logs.

The SDK looks for the same state token in the URL coming back after Facebook authorizes the user and redirects them back to your site, and if it doesn’t match it will log this error (here’s a link to the source).

More Related Contents:

  1. Error Invalid Scopes: offline_access, publish_stream, when I try to connect with Facebook API
  2. The developers of this app have not set up this app properly for Facebook Login?
  3. Facebook OAuth “The domain of this URL isn’t included in the app’s domain”
  4. Facebook API: Get fans of / people who like a page
  5. How to get share counts using graph API
  6. FB OpenGraph og:image not pulling images (possibly https?)
  7. Send private messages to friends
  8. ‘Like’ a page using Facebook Graph API
  9. Long-lasting FB access-token for server to pull FB page info
  10. How should we retrieve an individual post now that /[post-id] is deprecated in v2.4?
  11. Facebook login message: “URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings.”
  12. Facebook API “This app is in development mode”
  13. Graph API returns ‘false’ or ‘Unsupported get request’ accessing public Facebook Page
  14. Fetching list of friends in Graph API or FQL – Appears to be missing some friends
  15. Getting the Facebook like/share count for a given URL
  16. Facebook Page Access Tokens – Do these expire?
  17. how to set a facebook profile picture using the graph api
  18. Get a list of friends of a friend on Facebook
  19. How to get the Facebook user id using the access token
  20. Facebook graph user picture won’t show on mobile devices
  21. Publishing To User’s Wall Without Being Online/Logged-in – Facebook Sharing Using Graph API
  22. Post to a facebook page without “manage_pages” permission using php
  23. Get public page statuses using Facebook Graph API without Access Token
  24. Facebook API SDK revoke access
  25. Get facebook friends with Graph API v.2.0 [duplicate]
  26. Creating Facebook Page programmatically through Open Graph API
  27. Get application id from user access token (or verify the source application for a token)
  28. Allowing multiple domains for 1 Facebook App (like Tumblr)
  29. List of people who shared on facebook
  30. Facebook Apps: Additional permissions

Leave a Comment