I am trying to implement the Facebook SDK but am getting this error when trying to get a token:

Facebook SDK returned an error: Cross-site request forgery validation failed. The "state" param from the URL and session do not match

The code for the callback file is:

<?php session_start();
require_once __DIR__ . '/FacebookSDK/vendor/autoload.php';

$fbData = array(
    'app_id' => ' ',
    'app_secret' => ' ',
    'default_graph_version' => 'v2.2'
);

$fb = new Facebook\Facebook($fbData);

$helper = $fb->getRedirectLoginHelper();
try {
  $accessToken = $helper->getAccessToken();

  // this token will be valid for next 2 hours

} catch(Facebook\Exceptions\FacebookResponseException $e) {
  // When Graph returns an error
  echo 'Graph returned an error: ' . $e->getMessage();

  exit;
} catch(Facebook\Exceptions\FacebookSDKException $e) {
  // When validation fails or other local issues
  echo 'Facebook SDK returned an error: ' . $e->getMessage();

  exit;
}
$uuid = $_GET['id'];
if (!$link = mysql_connect(' ', ' ', ' ')) {
    echo '700';
    exit;
}

if (!mysql_select_db('regt', $link)) {
    echo '701';
    exit;
}
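// Escape request-supplied values before building the query; $uuid comes straight from $_GET
$sql00 = "INSERT INTO fbconnect ".
       "(agent, token,date,album) ".
       "VALUES ".
       "('".mysql_real_escape_string($uuid, $link)."', '".mysql_real_escape_string((string) $accessToken, $link)."',CURRENT_TIMESTAMP(),NULL)";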
mysql_select_db('regt');
$retval = mysql_query( $sql00, $link);
if(! $retval )
{

}
$code1 = $_REQUEST['code'];
$states = $_REQUEST['state'];
$url1 = 'secondlife:///app/fbc/connect/facebook?code=';
$url2 = $code1;
$state1 = $states;
$furl1 = $url1 . $url2 . $state1;
header("HTTP/1.1 302 Found"); // 302 is "Found"; "Moved Permanently" is the 301 reason phrase
header('Location: '. $furl1);
//echo $accessToken;
?>

What is causing this error, and what can I do to fix it?

Also, this is what I get when I dump everything sent to this script:

array(3) { ["id"]=> string(36) "7a240011-1b54-4a91-be27-a5cf8f474a39" ["code"]=> string(323) "AQD6tVaYn-_9RMFhGDKpZBXyiRjpULu0Psz4fnuCj052obDHJPI5zdaEmrh0j3lWktRL2kUbBaz5cHKtqTHhAWEYmHs8n3HJSGdn5jsxjmZNBTMpuZOhQWkCKmpCQS5VFkpmEl0JoavdxjU5ppg_QrhMouaIstQ4JK2i1Zcp1DiSnRlecxDCMGKubpF1OZcskArESVe2QvRP0QWH_0W2Amej4LPyJpbJN--4g7yCDKfn-y4eTc1TYUfEEszHwALsH4wN01ZrTkKEesoxXcM8_lUO6H0B42qPXA4jLUDSLFqKw1_PHNK278qz9u677uHhEoA" ["state"]=> string(32) "a52351fce83560e076ea2c3195f478d8" } array(1) { ["FBRLH_state"]=> string(32) "ab0460ca778fd670578ffa4083070628" } Facebook SDK returned an error: Cross-site request forgery validation failed. The "state" param from the URL and session do not match.NULL

This is my login.php file:

<?php session_start(); 
require_once __DIR__ . '/FacebookSDK/vendor/autoload.php';
$uuid = $_GET['id'];
$fbData = array(
    'app_id' => ' ',
    'app_secret' => ' ',
    'default_graph_version' => 'v2.2'
);

$fb = new Facebook\Facebook($fbData);

$params = array('req_perms' => 'publish_actions');
$helper = $fb->getRedirectLoginHelper();
$loginUrl = $helper->getLoginUrl('http://osxchange.org/apps/callback.php?id='. $uuid, $params);

header("HTTP/1.1 301 Moved Permanently"); 
header('Location: '. $loginUrl);
?> 
  • Did you check this http://stackoverflow.com/questions/31520593/facebook-php-sdk-5-api-2-4-cross-site-request-forgery-validation-failed-r/31542061?noredirect=1#comment51055949_31542061 – Techidiot Sep 16 '15 at 21:02
  • Yes Buush, I have tried that and still get the same error – Kristopher Therrien Sep 16 '15 at 21:19
  • You need to call getLoginUrl(...) after getAccessToken(). Get rid of it and try again. This should have enough answers for you -> http://stackoverflow.com/questions/31347341/the-state-param-from-the-url-and-session-do-not-match – Techidiot Sep 16 '15 at 21:24
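
The check behind the error message in the question, as an added example that is not part of the original post and is not the Facebook SDK's own code: a simplified model of how a "state" value is stored at login and compared in the callback, with three constructed cases. The function names (`buildLoginUrl`, `callbackQuery`, `validateState`) and the `.invalid` URLs are hypothetical; only the `FBRLH_state` session key is taken from the dump in the question.

```php
<?php
// Simplified model of an OAuth "state" check; not the Facebook SDK's own code.
// $session stands in for $_SESSION; 'FBRLH_state' is the key shown in the dump above.

// Login step: create a fresh state, store it in the session, embed it in the URL.
function buildLoginUrl(array &$session, string $redirectUri): string
{
    $session['FBRLH_state'] = bin2hex(random_bytes(16)); // 32 hex characters
    return 'https://provider.invalid/dialog/oauth?' . http_build_query([
        'redirect_uri' => $redirectUri,
        'state'        => $session['FBRLH_state'],
    ]);
}

// Stand-in for the provider's redirect: it echoes the URL's state back to the callback.
function callbackQuery(string $loginUrl): array
{
    parse_str((string) parse_url($loginUrl, PHP_URL_QUERY), $query);
    return ['code' => 'constructed-code', 'state' => $query['state'] ?? null];
}

// Callback step: the state from the URL must equal the one stored in the session.
function validateState(array $session, array $query): bool
{
    $saved = $session['FBRLH_state'] ?? null;
    $given = $query['state'] ?? null;
    return is_string($saved) && is_string($given) && hash_equals($saved, $given);
}

$redirect = 'https://app.invalid/callback.php'; // constructed

// Case 1: one login URL, same session on both requests.
$session = [];
$url = buildLoginUrl($session, $redirect);
var_dump(validateState($session, callbackQuery($url)));

// Case 2: the login URL is generated a second time before the callback arrives,
// so the session holds the newer state while the user followed the first URL.
$session = [];
$first = buildLoginUrl($session, $redirect);
buildLoginUrl($session, $redirect);
var_dump(validateState($session, callbackQuery($first)));

// Case 3: the callback request carries a different session than the login request
// (session cookie not sent, different host name, or a different client).
$loginSession = [];
$url = buildLoginUrl($loginSession, $redirect);
$callbackSession = ['FBRLH_state' => bin2hex(random_bytes(16))]; // state from another login
var_dump(validateState($callbackSession, callbackQuery($url)));
```

Only case 1 passes validation. Comparing the `state` in the request with the value in the session at the top of the callback, as the dump in the question does, shows whether the two requests share one stored value.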
