CSRF state token does not match one provided
Problem description
I know there are tons of posts on Stack Overflow about the issue "CSRF state token does not match one provided." However, I tried them and they don't seem to solve the issue. Can you please take a look at my code below? Please tell me what you think and how to solve the problem. I have already updated to the latest PHP SDK version.
<?php
require_once('src/facebook.php');
require_once('src/fbconfig.php');

// Facebook Authentication part
$user_id = $facebook->getUser();
// The login URL is built on every request, before the login check below.
$loginUrl = $facebook->getLoginUrl(array(
    'scope' => 'publish_stream'
));

if ($user_id) {
    $_SESSION['user_id'] = $user_id;
    echo "<script>top.location.href = 'https://www.example.com/app-folder/welcome'</script>";
    exit;
}
?>
.
.
<body>
<?php echo '<a href="'.$loginUrl.'" target="_top">Please login</a>'; ?>
.
.
</body>
Solution
getLoginUrl() generates a new token. If your user is already logged in (with $user_id = $facebook->getUser()), you'll end up with 2 tokens.
Don't ask for the $loginUrl if the user is authenticated already.
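<?php
// Same includes as in the question.
require_once('src/facebook.php');
require_once('src/fbconfig.php');

$user_id = $facebook->getUser();

if ($user_id) {
    $_SESSION['user_id'] = $user_id;
    echo "<script>top.location.href = 'https://www.example.com/app-folder/welcome'</script>";
    exit;
} else {
    // Only build the login URL when the user is not authenticated.
    $loginUrl = $facebook->getLoginUrl(array(
        'scope' => 'publish_stream'
    ));
}
?>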
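
A simplified model of the state-token check behind this error, added here as an illustration; it is not the Facebook PHP SDK's code and not part of the original question or answer. `StateStore`, `issue()` and `verify()` are hypothetical names, and the model assumes the session keeps exactly one pending token, so a token embedded in an earlier login URL stops matching once a newer one has replaced it.

```php
<?php
// Simplified model of an OAuth "state" (CSRF) token check. NOT the Facebook
// SDK's code: StateStore, issue() and verify() are hypothetical names.
// Assumption: the session keeps exactly one pending token.
final class StateStore
{
    /** @var array Stand-in for $_SESSION so the script runs from the CLI. */
    private $session = [];

    // Called whenever a login URL is built: mint a token and remember it.
    public function issue(): string
    {
        $token = bin2hex(random_bytes(16));
        $this->session['state'] = $token; // replaces any token still pending
        return $token;
    }

    // Called on the OAuth callback with the "state" query parameter.
    public function verify(?string $returned): bool
    {
        $expected = $this->session['state'] ?? null;
        if (!is_string($expected) || !is_string($returned)) {
            return false; // nothing pending, or no state in the request
        }
        $ok = hash_equals($expected, $returned); // constant-time comparison
        if ($ok) {
            unset($this->session['state']); // tokens are single use
        }
        return $ok;
    }
}

$store = new StateStore();
$first  = $store->issue(); // token embedded in the link the user clicks
$second = $store->issue(); // login URL built again before the callback check

// The callback carries $first, but the session now holds $second.
echo 'callback with first token:  ', var_export($store->verify($first), true), PHP_EOL;
echo 'callback with second token: ', var_export($store->verify($second), true), PHP_EOL;
echo 'replay of second token:     ', var_export($store->verify($second), true), PHP_EOL;
```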