Facebook SDK返回错误:跨站请求伪造验证失败。来自URL和会话的“状态”参数不匹配?
我知道这个话题有很多话题,但他们都不会解决我的问题。Facebook SDK返回错误:跨站请求伪造验证失败。来自URL和会话的“状态”参数不匹配?
Facebook SDK returned an error: Cross-site request forgery validation failed. The "state" param from the URL and session do not match.
的login.php:
require_once '/../../../vendor/autoload.php';
$fb = new Facebook\Facebook([
'app_id' => 'appid',
'app_secret' => 'appsecret',
'default_graph_version' => 'v2.8',
]);
$helper = $fb->getRedirectLoginHelper();
$permissions = ['email', 'public_profile', 'user_birthday', 'user_friends', 'user_location']; // optional
$loginUrl = $helper->getLoginUrl('https://website.com/login-callback.php', $permissions);
登录-callback.php:
include("library/config.php");
include $_SERVER['DOCUMENT_ROOT']. '/../../../vendor/autoload.php';
$fb = new Facebook\Facebook([
'app_id' => 'appid',
'app_secret' => 'appsecret',
'default_graph_version' => 'v2.8',
]);
$helper = $fb->getRedirectLoginHelper();
try {
$accessToken = $helper->getAccessToken();
} catch(Facebook\Exceptions\FacebookResponseException $e) {
// When Graph returns an error
echo 'Graph returned an error: ' . $e->getMessage();
exit;
} catch(Facebook\Exceptions\FacebookSDKException $e) {
// When validation fails or other local issues
echo 'Facebook SDK returned an error: ' . $e->getMessage();
exit;
}
if (isset($accessToken)) {
// Logged in!
$_SESSION['facebook_access_token'] = (string) $accessToken;
try {
// Returns a `Facebook\FacebookResponse` object
$response = $fb->get('/me?fields=id,name,first_name,last_name,birthday,email,link,gender,locale,verified,friends,location', $accessToken);
} catch(Facebook\Exceptions\FacebookResponseException $e) {
echo 'Graph returned an error: ' . $e->getMessage();
exit;
} catch(Facebook\Exceptions\FacebookSDKException $e) {
echo 'Facebook SDK returned an error: ' . $e->getMessage();
exit;
}
//echo $response->getGraphUser();
$user = $response->getGraphUser();
$_SESSION['facebook_uid'] = $user->getId();
/* Do Login Things -> Database update etc. */
header("Location: /");
}
我真的不知道如何解决这个错误。
尝试使用
session_start();
在这两个文件
使用FB类
请尝试解释为什么这可能有助于OP,并可能提供备份您的声明的参考。 – idmean
这不提供问题的答案。一旦你有足够的[声誉](https://*.com/help/whats-reputation),你将可以[对任何帖子发表评论](https://*.com/help/privileges/comment);相反,[提供不需要提问者澄清的答案](https://meta.stackexchange.com/questions/214173/why-do-i-need-50-reputation-to-comment-what-can- I-DO-代替)。 - [来自评论](/ review/low-quality-posts/17855109) – Hidde
难道你包括你的login.php不止一次的过程中,或者说您呼叫的getLoginUrl方法比以前多了一旦? (它会在每次执行的会话中创建一个新的状态值。) – CBroe