CSRF状态令牌与提供的令牌不符 [英] CSRF state token does not match one provided

查看:96
本文介绍了CSRF状态令牌与提供的令牌不符的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我知道stackoverflow上有关于CSRF状态令牌不匹配的问题的问题。但是,我试过似乎并没有解决这个问题。你能看看下面的代码吗?请告诉我你的想法和如何解决问题。我已经更新到最新的PHP SDK版本。

  < 
 require_once('src / facebook.php'); 
 require_once('src / fbconfig.php'); 
 
 // Facebook验证部分
 $ user_id = $ facebook-> getUser(); 
 $ loginUrl = $ facebook-> getLoginUrl(array(
'scope'=>'publish_stream')
); 
 
 if($ user_id){
 $ _SESSION ['user_id'] = $ user_id; 
 echo< script> top.location.href ='https://www.example.com/app-folder/welcome'</script>; 
退出; 
} 
?> 


< body> 
<?php echo'< a href ='。$ loginUrl。'target =_ top>请登录< / a>'; ?> 


< / body>


解决方案

getLoginUrl() code>生成一个新的令牌。如果您的用户已经登录(使用 $ user_id = $ facebook-> getUser()),则最终会得到2个令牌。



如果用户已经被认证,请不要求$ loginUrl。

  $ user_id = $ facebook-> getUser(); 
 
 if($ user_id){
 $ _SESSION ['user_id'] = $ user_id; 
 echo< script> top.location.href ='https://www.example.com/app-folder/welcome'</script>; 
退出; 
} else {
 $ loginUrl = $ facebook-> getLoginUrl(array(
'scope'=>'publish_stream')
); 
}

?>


I know there are tons of post on stackoverflow about the issue on "CSRF state token does not match one provided." However, I tried and doesn't seem to solve the issue. Can you please take a look at my code below? Please tell me what you think and how to solve the problem. I have already updated to latest PHP SDK version.

<?
require_once ('src/facebook.php');
require_once ('src/fbconfig.php');

//Facebook Authentication part
$user_id = $facebook->getUser();
$loginUrl = $facebook->getLoginUrl(array(
    'scope' => 'publish_stream')
);

if ($user_id) {
    $_SESSION['user_id'] = $user_id;
    echo "<script>top.location.href = 'https://www.example.com/app-folder/welcome'</script>"; 
    exit;
} 
?>
    .
    .
<body>
<?php echo '<a href="'.$loginUrl.'" target="_top">Please login</a>'; ?>
    .
    .
</body>

解决方案

getLoginUrl() generates a new token. If your user is already logged in (with $user_id = $facebook->getUser()), you'll end up with 2 tokens.

Don't ask for the $loginUrl if the user is authenticated already.

$user_id = $facebook->getUser();

if ($user_id) {
    $_SESSION['user_id'] = $user_id;
    echo "<script>top.location.href = 'https://www.example.com/app-folder/welcome'</script>"; 
    exit;
} else {
    $loginUrl = $facebook->getLoginUrl(array(
        'scope' => 'publish_stream')
    );
}

?>

这篇关于CSRF状态令牌与提供的令牌不符的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
PHP最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆