Author Topic: CSRF state token does not match one provided.  (Read 4088 times)

Aficionado

  • Guest
CSRF state token does not match one provided.
« on: October 21, 2013, 08:51:29 pm »

Not 100% sure that the Facebook Connect plugin is to blame, but those log errors started after I installed it.

[21-Oct-2013 02:38:50 America/Los_Angeles] CSRF state token does not match one provided.


I see several of those errors daily.


garciademarina

  • Administrator
  • Hero Member
  • *****
  • Posts: 974
Re: CSRF state token does not match one provided.
« Reply #1 on: October 22, 2013, 03:06:54 pm »
Hi,

It has been fixed, you can see the changes here:

https://github.com/osclass/plugin-facebook/commit/a78adec1b31ea73dfeec54354c49d87439c062cf

I'm going to upload the package to market.osclass.org

Thanks for reporting

serjuc11111

  • Hero Member
  • *****
  • Posts: 814
Re: CSRF state token does not match one provided.
« Reply #2 on: April 02, 2015, 03:02:36 pm »
The problem is that after authenticating a user using $facebook->getLoginUrl(), the subsequent $facebook->getUser() call would fail, returning 0.

The issue is with the PHP SDK, which relies on $_REQUEST from the server, which has changed in PHP 5.4.0 because of default php.ini settings having been changed.

Use:

    protected function get_code() {
        // Build the parameter set explicitly instead of relying on $_REQUEST.
        $server_info = array_merge($_GET, $_POST, $_COOKIE);
        if (isset($server_info['code'])) {
            if ($this->state !== null && isset($server_info['state']) && $this->state === $server_info['state']) {
                // CSRF state token matches: clear it so it cannot be reused.
                $this->state = null;
                $this->clearPersistentData('state');
                return $server_info['code'];
            } else {
                return false;
            }
        }
        return false;
    }
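Added example (not part of any post in this thread, and not code from the Facebook PHP SDK or the Osclass plugin): a stand-alone PHP script showing the state check discussed above, with the callback parameters read from explicit arrays rather than `$_REQUEST` and the token compared with `hash_equals()`. The function names `issueState()` and `checkCallback()`, the `$store` array standing in for `$_SESSION`, and the sample values are assumptions made for this example.

```php
<?php
// Added example. Hypothetical helpers; requires PHP 7+ for random_bytes().

/** Create a fresh state token and keep it server-side until the callback. */
function issueState(array &$store)
{
    $store['state'] = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
    return $store['state'];
}

/** Return the authorization code if the state matches, false otherwise. */
function checkCallback(array &$store, array $get, array $post)
{
    // Explicit sources: what $_REQUEST contains depends on the
    // request_order / variables_order settings in php.ini.
    $params = array_merge($get, $post);

    if (!isset($params['code'], $params['state'], $store['state'])
        || !is_string($params['code']) || !is_string($params['state'])) {
        return false;
    }

    // Single use: drop the stored token before comparing, so a replayed
    // callback finds nothing to match against.
    $expected = $store['state'];
    unset($store['state']);

    // Constant-time comparison of the two tokens.
    if (!hash_equals($expected, $params['state'])) {
        error_log('CSRF state token does not match one provided.');
        return false;
    }
    return $params['code'];
}

// Constructed sample run; $session stands in for $_SESSION.
$session = [];
issueState($session);
$forged = ['code' => 'AUTH_CODE_PLACEHOLDER', 'state' => 'not-the-issued-token'];
var_dump(checkCallback($session, $forged, []));   // case 1: state differs

$state = issueState($session);
$genuine = ['code' => 'AUTH_CODE_PLACEHOLDER', 'state' => $state];
var_dump(checkCallback($session, $genuine, []));  // case 2: state matches
var_dump(checkCallback($session, $genuine, []));  // case 3: same callback replayed

// Shows which sources this PHP installation merges into $_REQUEST.
echo 'request_order = ', var_export(ini_get('request_order'), true), "\n";
```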