
Problem with Facebook login not matching CSRF state token

I did some searches and I didn't find anything that was related to my problem.

I'm currently trying to implement a Facebook login to my website and I'm having problems with the login authentication due to htaccess mod rewrite URLs?

The code works perfectly and I get logged in if I use it without the mod rewrite rules like:

domain.com/view_webhosting.php?webhosting=name

But as soon as I go over to the mod rewrite URL

domain.com/webhosting-name/

Then it just doesn't work and throws an error: "CSRF state token does not match one provided."

In the htaccess file it looks like this:

RewriteRule ^webhosting-([a-z_0-9-]+)/$ /view_webhosting.php?webhosting=$1 [L]

Anyone have a solution to a problem like this? I am using Facebook SDK v3.1.1

John asked Sep 07 '11 21:09

2 Answers

The PHP SDK expects the 'state' field to be in $_REQUEST (I believe as a GET param) after the redirect before you can exchange the 'code' for an access token. From base_facebook.php:

protected function getCode() {
  if (isset($_REQUEST['code'])) {
    if ($this->state !== null &&
      isset($_REQUEST['state']) &&
      $this->state === $_REQUEST['state']) {

      // CSRF state has done its job, so clear it
      $this->state = null;
      $this->clearPersistentData('state');
      return $_REQUEST['code'];
    } else {
      self::errorLog('CSRF state token does not match one provided.');
      return false;
    }
  }

  return false;
}

Your RewriteRule may be stomping on that param.

bismark answered Sep 24 '22 09:09

Thanks bismark.

You were correct; it couldn't get the GET parameters, and the solution was this:

From

RewriteRule ^webhosting-([a-z_0-9-]+)/$ /view_webhosting.php?webhosting=$1 [L]

to

RewriteRule ^webhosting-([a-z_0-9-]+)/$ /view_webhosting.php?webhosting=$1 [QSA,L]

Query string append [QSA]

• 'qsappend|QSA' (query string append)
This flag forces the rewrite engine to append a query string part of the substitution string
to the existing string, instead of replacing it. Use this when you want to add more data
to the query string via a rewrite rule.

Thanks guys, put me on the right track!

John answered Sep 20 '22 09:09
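
The effect of the two rules in this thread, as an added example that is not part of the original posts or the Facebook SDK: it models how mod_rewrite builds the final query string with and without QSA, then applies the same state comparison as getCode(). The function names, the sample callback URL and the token values are constructed for illustration.

```php
<?php
// Added illustration; not code from the Facebook SDK or from the posts above.
// Function names, the sample URL and the token values are constructed.

// Simplified model of the query string mod_rewrite produces for
//   RewriteRule ^webhosting-([a-z_0-9-]+)/$ /view_webhosting.php?webhosting=$1 [flags]
// A substitution containing "?" replaces the original query string unless QSA is set.
function rewrittenQuery(string $path, string $origQuery, bool $qsa): ?string {
    if (!preg_match('#^webhosting-([a-z_0-9-]+)/$#', ltrim($path, '/'), $m)) {
        return null; // rule does not apply to this path
    }
    $query = 'webhosting=' . $m[1];
    return ($qsa && $origQuery !== '') ? $query . '&' . $origQuery : $query;
}

// Same decision as getCode(): a code is accepted only with a matching state.
// hash_equals (constant-time compare) is used here where the SDK uses ===.
function checkCallback(array $request, ?string $sessionState): string {
    if (!isset($request['code'])) {
        return 'rejected: no code parameter reached PHP';
    }
    if ($sessionState !== null && isset($request['state'])
        && is_string($request['state'])
        && hash_equals($sessionState, $request['state'])) {
        return 'accepted: state matches session';
    }
    return 'rejected: CSRF state token does not match one provided.';
}

// Constructed OAuth callback arriving on the rewritten URL.
$callback     = 'http://domain.com/webhosting-name/?code=SAMPLE_CODE&state=abc123';
$sessionState = 'abc123'; // value stored in the session before the redirect

$parts = parse_url($callback);
foreach ([false, true] as $qsa) {
    $query = rewrittenQuery($parts['path'], $parts['query'] ?? '', $qsa);
    parse_str((string) $query, $request); // what PHP would see as $_GET
    printf("%-8s %-46s => %s\n", $qsa ? '[QSA,L]' : '[L]', $query,
        checkCallback($request, $sessionState));
}
```

With [L] alone only webhosting=name survives the rewrite, so the check has nothing to compare; with [QSA,L] the code and state parameters are appended and the state comparison succeeds.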