fb login error - CSRF state token does not match one provided
Problem description
I am using Facebook login on my website.
Downloaded the Facebook PHP SDK source from https://github.com/facebook/facebook-php-sdk
For Facebook login, followed the steps given at http://25labs.com/tutorial-integrate-facebook-connect-to-your-website-using-php-sdk-v-3-x-x-which-uses-graph-api/
On the first instance it never logs in, only able to login through Facebook after 2 attempts. CSRF error shows up every time I try to login.
On digging in the code (base_facebook.php) further, came to know that on first login instance: $this->state is not equal to $server_info['state'], hence the CSRF error.
Tried to find a solution to this error browsing through various posts, however, no success. Please suggest a solution. Thanks
I had this problem too.
On my site I also set a cookie and $_SESSION variable by the name 'state'. This was causing a conflict with the Facebook class since the FB class uses the same key name.
Below is my resolution for others with this issue:
Facebook PHP SDK v3.2.3
What we're going to do is swap out certain instances of 'state' with 'fb_state'.
EDIT (Marcus): I also swapped out all instances of $_REQUEST['state'] with $_GET['state']. This would force the application to get the 'state' value from the URL post user authorization as $_REQUEST will pick up any stored 'state' cookie you might already have. And in my case, there was one.
E.g. www.example.com/?code=AQA5cjNZ8iuZ...&state=48a4a0a89ebb0c568f713fabebcd4899#=
My previously stored 'state' cookie due to previous activity on my own site: ON
echo $_REQUEST['state']; // produces 'ON'
echo $_GET['state']; // produces 48a4a0a89ebb0c568f713fabebcd4899
On my site. And I wasn't about to go changing my site's method of storing cookies and session variables on the server just for the FB SDK.
Without changing $_REQUEST to $_GET, the getCode() function will return false because:
if ($this->state === $_REQUEST['state']) {
Will not resolve. The actual compare would be 48a4a0a89ebb0c568f713fabebcd4899 against 'ON' in my case.
src/facebook.php
public function __construct($config) {
...
$state = $this->getPersistentData('state'); // line 67
// change to
$state = $this->getPersistentData('fb_state');
protected static $kSupportedKeys =
array('fb_state', 'code', 'access_token', 'user_id'); // line 83
src/base_facebook.php
$state = $this->getPersistentData('fb_state'); // line 263
$this->clearPersistentData('fb_state'); // line 730
$this->setPersistentData('fb_state', $this->state); // line 776
Hope this helps somebody in the future.
- Marcus
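The collision described in the answer above, as an added example that is not part of the original post or of the Facebook SDK: the state token is stored under a namespaced session key and checked only against the query string, with a constant-time comparison. The function names, the sample values and the `array_merge` stand-in for `$_REQUEST` (GET first, cookies last, as when PHP's `request_order`/`variables_order` includes cookies) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Issue a fresh CSRF state token under a namespaced key so it cannot
// collide with an application value that is also called 'state'.
function issueState(array &$session): string
{
    $session['fb_state'] = bin2hex(random_bytes(16));
    return $session['fb_state'];
}

// Verify the state returned on the OAuth redirect. Only the query string
// is consulted; the stored token is single-use and cleared on every attempt.
function verifyState(array &$session, array $query): bool
{
    $expected = $session['fb_state'] ?? null;
    unset($session['fb_state']);
    $given = $query['state'] ?? null;
    if (!is_string($expected) || !is_string($given)) {
        return false;
    }
    return hash_equals($expected, $given); // constant-time comparison
}

// --- Constructed sample request (hypothetical values) ---
$session = ['state' => 'ON'];           // the site's own, unrelated 'state'
$token   = issueState($session);        // sent to the provider as ?state=...

$get     = ['code' => 'SAMPLE_CODE', 'state' => $token]; // redirect query
$cookie  = ['state' => 'ON'];           // pre-existing site cookie
$request = array_merge($get, $cookie);  // stand-in for $_REQUEST, cookie wins

// The merged view carries the cookie's value instead of the token.
var_dump($request['state'] === $token);

$attempt = $session;                          // copy holding the same token
var_dump(verifyState($attempt, $request));    // checked against the merged view
var_dump(verifyState($session, $get));        // checked against the query string
var_dump(verifyState($session, $get));        // replay after the token was consumed
var_dump($session['state']);                  // the site's own value is untouched
```

Run it with the PHP CLI; only the check against the query-string array succeeds, and a second attempt with the same token is rejected.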