fb登录错误 - CSRF状态令牌与提供的不匹配 [英] fb login error - CSRF state token does not match one provided

问题描述

我在我的网站上使用facebook登录

已下载facebook php sdk源自 https://github.com/facebook/facebook-php-sdk

为facebook登录，遵循步骤在 http://25labs.com/tutorial-integrate-facebook-connect-to-your-website-using-php-sdk-v-3-xx-which-uses-graph-api/

在第一个实例上，它从不登录，只能在2次尝试后通过Facebook登录。 CSRF错误出现在每次我尝试登录。

进一步挖掘代码（base_facebook.php），知道在第一个登录实例： $ this-> state 不等于 $ server_info ['state'] ，因此是CSRF错误。

试图找到解决这个错误浏览各种帖子，但是没有成功。请建议一个解决方案。谢谢

解决方案

我也有这个问题。

我还通过名称state设置一个cookie和$ _SESSION变量。这是因为FB类使用相同的密钥名称导致与Facebook类的冲突。

以下是我为其他人提供的解决方案：

Facebook PHP SDK v3.2.3

要做的是用'fb_state'交换某些state的实例。 / b>

编辑（Marcus）：我还用$ _GET ['state']换出$ _REQUEST ['state']的所有实例。这将强制应用程序从URL后用户授权获取状态值，因为$ _REQUEST将会拾取您可能已经拥有的任何存储的状态cookie。在我的情况下，有一个。

例如。 www.example.com/?code=AQA5cjNZ8iuZ ...& 状态 = 48a4a0a89ebb0c568f713fabebcd4899＃ =

我的以前存储的状态cookie由于我自己的站点上的以前的活动：ON

  echo $ _REQUEST ['state']; //生成'ON'
 
 echo $ _GET ['state']; //生成48a4a0a89ebb0c568f713fabebcd4899 
  

在我的网站上。而且我不想改变我的网站在服务器上存储cookie和会话变量的方法，只是为了FB SDK。

不要将$ _REQUEST更改为$ _GET， getCode（）函数将返回false，因为：

  if（$ this-> state === $ _REQUEST ['state ']）{
  

无法解决。在我的情况下，实际的比较将是48a4a0a89ebb0c568f713fabebcd4899对'ON'。

src / facebook.php

  public function __construct（$ config）{
 ... 
 $ state = $ this-> getPersistentData（'state'）; // line 67 
 //更改为
 $ state = $ this-> getPersistentData（'fb_state'）; 
 
 protected static $ kSupportedKeys = 
 array（'fb_state'，'code'，'access_token'，'user_id'）; // line 83 
  

src / base_facebook.php

  $ state = $ this-> getPersistentData（'fb_state'）; // line 263 
 
 $ this-> clearPersistentData（'fb_state'）; // 730 
 
 $ this-> setPersistentData（'fb_state'，$ this-> state）; // line 776 
  

希望这有助于将来的某人。

• Marcus

i am using facebook login on my website

downloaded facebook php sdk source from https://github.com/facebook/facebook-php-sdk

for facebook login, followed steps given at http://25labs.com/tutorial-integrate-facebook-connect-to-your-website-using-php-sdk-v-3-x-x-which-uses-graph-api/

on first instance it never logs in, only able to login through facebook after 2 attempts. CSRF error shows up everytime i try to login.

on digging in the code(base_facebook.php) further, came to know that on first login instance: $this->state is not equal to $server_info['state'], hence the CSRF error.

tried to find a solution to this error browsing through various posts, however, no success. please suggest a solution. thanks

解决方案

I had this problem too.

On my site I also set a cookie and $_SESSION variable by the name 'state'. This was causing a conflict with the Facebook class since the FB class uses the same key name.

Below is my resolution for others with this issue:

Facebook PHP SDK v3.2.3

What were going to do is swap out certain instances of 'state' with 'fb_state'.

EDIT (Marcus): I also swapped out all instances of $_REQUEST['state'] with $_GET['state']. This would force the application to get the 'state' value from the URL post user authorization as $_REQUEST will pick up any stored 'state' cookie you might already have. And in my case, there was one.

E.g. www.example.com/?code=AQA5cjNZ8iuZ...&state=48a4a0a89ebb0c568f713fabebcd4899#=

My previously stored 'state' cookie due to previous activity on my own site: ON

echo $_REQUEST['state']; // produces 'ON'

echo $_GET['state']; // produces 48a4a0a89ebb0c568f713fabebcd4899

On my site. And I wasn't about to go changing my site's method of storing cookies and session variables on the server just for the FB SDK.

Without changing $_REQUEST to $_GET, the getCode() function will return false because:

if ($this->state === $_REQUEST['state']) {

Will not resolve. The actual compare would be 48a4a0a89ebb0c568f713fabebcd4899 against 'ON' in my case.

src/facebook.php

public function __construct($config) {
    ...
    $state = $this->getPersistentData('state'); // line 67
    // change to
    $state = $this->getPersistentData('fb_state');

protected static $kSupportedKeys =
    array('fb_state', 'code', 'access_token', 'user_id'); // line 83

src/base_facebook.php

$state = $this->getPersistentData('fb_state'); // line 263

$this->clearPersistentData('fb_state'); // 730

$this->setPersistentData('fb_state', $this->state); // line 776

Hope this helps somebody in the future.

• Marcus

这篇关于fb登录错误 - CSRF状态令牌与提供的不匹配的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！