Osclass forums

Support forums => Plugins => Facebook Connect => Topic started by: articus on December 12, 2014, 12:50:18 am

Title: CSRF State Tokens
Post by: articus on December 12, 2014, 12:50:18 am
Ok, not being able to make heads or tails of this one really, so, humbly asking for a hand.

I'm using OSClass 3.5.2
and FB Connect 1.4.1

Install was easy as pie, adding link likewise. App is configured and live; however, I have some intermittent errors when trying to log in.
What happens is that a lot of times, the user is not logged in at all, it just loops back to the site, and when I check the apache log, the following is shown:

[Thu Dec 11 21:29:30 2014] [error] [client 85.24.250.139] CSRF state token does not match one provided., referer: http://domain.tld

Naturally, the domain name is different.
I've been over Google a couple of times, where states are mentioned; however, I lack the know-how to investigate this any further without a few helpful pointers.

Thank you in advance
Title: Re: CSRF State Tokens
Post by: teseo on December 12, 2014, 01:03:25 am
Hi,

What version of PHP are you running?

Regards
Title: Re: CSRF State Tokens
Post by: articus on December 12, 2014, 01:09:05 am
PHP Version 5.5.19
Title: Re: CSRF State Tokens
Post by: teseo on December 12, 2014, 01:12:44 am
Check this out:

https://www.webniraj.com/2012/12/19/facebook-php-sdk-fixing-getuser-on-php-5-4-x/

Regards
Title: Re: CSRF State Tokens
Post by: articus on December 12, 2014, 01:32:48 am
Seems to be working now, thanks for the link. You rock!

I'll be keeping a close look on the log for a while to see if anything crops up.
Title: Re: CSRF State Tokens
Post by: articus on December 12, 2014, 01:43:59 am
Well, this was interesting. Most logins seem to work; however, a few result in the URL getting a really long string, like this:

http://domain.tld/?code=AQCJ6edcVIypX4RTp8Sf9tDlFvPe7t5kuVD5Z-1TKIRy4x4REDj-GtZNNnAdAGJMZx-RUj3pnl9doUrCsrl-4lGuCXRtwwf8w5ORBfkW2gO7fueKoCwElAYfFaZTKyCZSV8pgViYc_FXNQVkqpK1_lZ8KzzzOdqmjUn0nysKWwVjJdn6hH7iMLO7SpNG074UxDYiuC-s4krC0O7KyklWnCcN21xStUp6QCkopzz6hkkcClHKApPQPvnc-Of1gK-Hfxd097mBjD0DlRrsxFlsCeVq9x9C5PXLkOvV2Ea8y7V80FXlu8IIDW13zA89pvMIeF-6_jdL7tFzA_pNGCXTEMGv&state=19dd970d92160148aebeff68615efcb3#_=_

and no login happens.
Nothing is shown regarding the issue in the apache log.
Any clues?
Title: Re: CSRF State Tokens
Post by: teseo on December 12, 2014, 02:15:06 am
Well, at least now we both know something new... :D Re-check the discussions about this issue on StackOverflow and other sites, it affects other software, so there must be some kind of tested solution out there... ???

Regards
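
Added example, not written by any poster in this thread and not code from the plugin or the Facebook PHP SDK: a minimal session-backed OAuth `state` check of the kind that produces a "state token does not match" rejection, run against a callback URL shaped like the one quoted above. The function names and the session key are hypothetical, and plain arrays stand in for `$_SESSION`.

```php
<?php
// Illustrative only; names below are hypothetical, not the SDK's or the plugin's.
// Requires PHP 7+ for random_bytes().

const STATE_KEY = 'oauth_state'; // hypothetical session key

// Before redirecting to the provider: store a random, single-use state.
function issue_state(array &$session): string
{
    $state = bin2hex(random_bytes(16));
    $session[STATE_KEY] = $state;
    return $state;
}

// On the callback: the state in the URL must equal the one kept in the session.
function verify_callback(array &$session, string $callbackUrl): string
{
    // parse_url() drops the "#_=_" fragment; only the query string is parsed.
    parse_str((string) parse_url($callbackUrl, PHP_URL_QUERY), $query);
    if (!isset($query['code'], $query['state']) || !is_string($query['state'])) {
        return 'no-oauth-params';
    }
    $expected = $session[STATE_KEY] ?? null;
    unset($session[STATE_KEY]); // a state value is accepted at most once
    if (!is_string($expected)) {
        // Session was lost or never started between redirect and callback.
        return 'state-missing-from-session';
    }
    // Constant-time comparison of stored and returned values.
    return hash_equals($expected, $query['state']) ? 'ok' : 'state-mismatch';
}

// Constructed demo values; the code parameter is a placeholder.
$session = [];
$state   = issue_state($session);
$url     = 'http://domain.tld/?code=CONSTRUCTED_CODE&state=' . $state . '#_=_';

echo verify_callback($session, $url), PHP_EOL; // session carried the state
echo verify_callback($session, $url), PHP_EOL; // same URL replayed
$fresh = [];                                   // session not carried over
echo verify_callback($fresh, $url), PHP_EOL;
```

In this sketch a callback that arrives without the session that issued the state is rejected just like a forged one, so when tracing intermittent failures it helps to log which of the three non-`ok` outcomes occurred.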