Author Topic: CSRF State Tokens (Read 1976 times)

articus · « **on:** December 12, 2014, 12:50:18 am »

Ok, not being able to make heads or tails of this one really, so, humbly asking for a hand.

Im using OSClass 3.5.2
and FB Connect 1.4.1

Install was easy as pie, adding link likewise, App is configured and live however, I have some intermittent errors when trying to login.
What happens is that a lot of times, the user is not logged in at all, it just loops back to the site, and when I check the apache log, the following is shown:

[Thu Dec 11 21:29:30 2014] [error] [client 85.24.250.139] CSRF state token does not match one provided., referer: http://domain.tld

Naturally, the domain name is different.
Ive been over google a couple of times, where states are mentioned, however I lack the knowhow to investigate this any further
without a few helpful pointers.

Thank you in advance

teseo · « **Reply #1 on:** December 12, 2014, 01:03:25 am »

Hi,

What version of PHP are you running?

Regards

articus · « **Reply #2 on:** December 12, 2014, 01:09:05 am »

PHP Version 5.5.19

teseo · « **Reply #3 on:** December 12, 2014, 01:12:44 am »

Check this out:

https://www.webniraj.com/2012/12/19/facebook-php-sdk-fixing-getuser-on-php-5-4-x/

Regards

articus · « **Reply #4 on:** December 12, 2014, 01:32:48 am »

Seems to be working now, thanks for the link. you rock!

Ill be keeping a close look on the log for a while to see if anything crops up.

articus · « **Reply #5 on:** December 12, 2014, 01:43:59 am »

well, this was interresting. Most logins seems to work, however, a few results in the URL getting a really long string, like this:

http://domain.tld/?code=AQCJ6edcVIypX4RTp8Sf9tDlFvPe7t5kuVD5Z-1TKIRy4x4REDj-GtZNNnAdAGJMZx-RUj3pnl9doUrCsrl-4lGuCXRtwwf8w5ORBfkW2gO7fueKoCwElAYfFaZTKyCZSV8pgViYc_FXNQVkqpK1_lZ8KzzzOdqmjUn0nysKWwVjJdn6hH7iMLO7SpNG074UxDYiuC-s4krC0O7KyklWnCcN21xStUp6QCkopzz6hkkcClHKApPQPvnc-Of1gK-Hfxd097mBjD0DlRrsxFlsCeVq9x9C5PXLkOvV2Ea8y7V80FXlu8IIDW13zA89pvMIeF-6_jdL7tFzA_pNGCXTEMGv&state=19dd970d92160148aebeff68615efcb3#_=_

and no login happens.
Nothing is shown regarding the issue in the apache log.
Any clues?

teseo · « **Reply #6 on:** December 12, 2014, 02:15:06 am »

Well, at least now we both know something new...

Re-check the discussions about this issue on StackOverflow and other sites, it affects other software, so there must be some kind of tested solution out there...

Regards

Osclass forums

News:

Author Topic: CSRF State Tokens (Read 1976 times)

articus

CSRF State Tokens

teseo

Re: CSRF State Tokens

articus

Re: CSRF State Tokens

teseo

Re: CSRF State Tokens

articus

Re: CSRF State Tokens

articus

Re: CSRF State Tokens

teseo

Re: CSRF State Tokens