Advertisement:

Author Topic: CSRF state token does not match one provided.  (Read 4089 times)

Aficionado

  • Guest
CSRF state token does not match one provided.
« on: October 21, 2013, 08:51:29 pm »

Not 100% sure that the Facebook Connect plugin is to blame, but those log errors started after i installed it.

[21-Oct-2013 02:38:50 America/Los_Angeles] CSRF state token does not match one provided.


I see several of those errors daily.


garciademarina

  • Administrator
  • Hero Member
  • *****
  • Posts: 974
Re: CSRF state token does not match one provided.
« Reply #1 on: October 22, 2013, 03:06:54 pm »
Hi,

Has been fixed, you can see the changes here:

https://github.com/osclass/plugin-facebook/commit/a78adec1b31ea73dfeec54354c49d87439c062cf

I'm going to upload the package to market.osclass.org

Thanks for reporting

serjuc11111

  • Hero Member
  • *****
  • Posts: 814
Re: CSRF state token does not match one provided.
« Reply #2 on: April 02, 2015, 03:02:36 pm »
 The problem is that after authenticating an user using $facebook->getLoginUrl(), the subsequent $facebook->getUser() call would fail, retuning 0.


The issue is with the PHP SDK, which relies on $_REQUEST from the server, which has changed in PHP 5.4.0 because of default php.ini settings having been changed.
use :
protected function get_code() {
$server_info = array_merge($_GET, $_POST, $_COOKIE);
if (isset($server_info['code'])) {
    if ($this->state !== null &&  isset($server_info['state']) && $this->state ===server_info['state']) {

         
            $this->state = null;
            $this->clearPersistentData('state');
            return $server_info['code'];
 }
else {
         
            return false;
        }
}
return false;
}