Cross-site request forgery validation failed. Required param "state" missing from persistent data #203

Open
niko-afv opened this issue Jan 11, 2018 · 7 comments

Comments

@niko-afv

niko-afv commented Jan 11, 2018

I have this message:

Cross-site request forgery validation failed. Required param "state" missing from persistent data

in this code:

try {
    $token = $fb->getAccessTokenFromRedirect();
} catch (Facebook\Exceptions\FacebookSDKException $e) {
    dd($e->getMessage());
}

Do you have any idea how I can resolve it?

Thanks!

@ImFireblade

I have the same problem....
I've checked the code and it seems that the session gets emptied after the redirect and I don't know why....
The session_id is the same, so it's the same session, and in the facebook_login the values are memorized correctly...
@SammyK is the only one who can save us...

@ImFireblade

OK, maybe I've found the solution... At least for me it seems it works.
So go in the function ValidateCsrf() in FacebookRedirectLoginHelper.php and put at the top of the function:
$persistentDataHandler = new FacebookSessionPersistentDataHandler();

@foekall

foekall commented Jan 20, 2018

Same problem here

@csimpi
Copy link

csimpi commented Mar 12, 2018

Same here
@SammyK any idea? I'm stuck.

@snortatu

Same problem?? Any fix? Thanks @SammyK

@ivy47

ivy47 commented Apr 19, 2019

@foekall @snortatu @ImFireblade
As I can see, Laravel does not use native PHP sessions. It has its own implementation for session handling.
https://github.com/laravel/framework/blob/5.8/src/Illuminate/Session/Middleware/StartSession.php#L49
As the Facebook documentation says:

By default, the SDK will try to use the native PHP session for the persistent data store.
https://developers.facebook.com/docs/php/Facebook/5.0.0

The Facebook SDK class accepts a config that has a persistent_data_handler value.

If you wish to write your own persistent data handler, you can code your persistent data handler to the Facebook\PersistentData\PersistentDataInterface and set the value of persistent_data_handler to an instance of your custom handler.

So I created my own persistent data handler class that implements Facebook\PersistentData\PersistentDataInterface and used it instead of the default Facebook persistent data handler.

Here is my custom persistent data handler class code:

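<?php

namespace App\Classes\FacebookSdk;

use Facebook\PersistentData\PersistentDataInterface;

// Stores the SDK's persistent data (including the OAuth "state" value)
// in the Laravel session instead of the native PHP session.
class LaravelSessionPersistentDataHandler implements PersistentDataInterface
{
    // Read a value previously saved by the SDK from the Laravel session.
    public function get($key)
    {
        return session()->get($key);
    }

    // Save a value from the SDK into the Laravel session.
    public function set($key, $value)
    {
        session()->put($key, $value);
    }
}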

And the config looks like this:

'facebook_config' => [
    'app_id' => env('FACEBOOK_APP_ID'),
    'app_secret' => env('FACEBOOK_APP_SECRET'),
    'default_graph_version' => 'v2.10',
    //'enable_beta_mode' => true,
    //'http_client_handler' => 'guzzle',
    'persistent_data_handler' => new \App\Classes\FacebookSdk\LaravelSessionPersistentDataHandler()
],

@Saad-Afzal

if (request('state')) {
    $helper->getPersistentDataHandler()->set('state', request('state'));
}

Simply add the above code in the callback code before the following:

$accessToken = $helper->getAccessToken();
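
What the `state` comparison in this thread's error message protects, as an added example that is not code from any participant or from the Facebook SDK: it models the check with a hypothetical in-memory store (`ArrayStore`) and a hypothetical `stateIsValid()` helper, using constructed values. It covers the genuine callback, a forged one, the lost-session case from this issue, and what happens when the request's own `state` is written into the store before validating.

```php
<?php
// Added illustration. ArrayStore and stateIsValid() are hypothetical names,
// not Facebook SDK classes. ArrayStore stands in for a session-backed
// persistent data handler exposing the get()/set() pair shown in the thread.
final class ArrayStore
{
    private array $data = [];
    public function get(string $key) { return $this->data[$key] ?? null; }
    public function set(string $key, $value): void { $this->data[$key] = $value; }
}

// CSRF check for an OAuth callback: the state returned in the query string
// must equal the state saved server-side when the login URL was generated.
function stateIsValid(ArrayStore $store, ?string $returned): bool
{
    $saved = $store->get('state');
    if (!is_string($saved) || $saved === '' || $returned === null) {
        return false; // nothing saved: the "missing from persistent data" case
    }
    return hash_equals($saved, $returned); // constant-time comparison
}

function report(string $label, bool $accepted): void
{
    printf("%-45s %s\n", $label, $accepted ? 'accepted' : 'rejected');
}

// 1. Login step: generate and persist a random state (constructed value).
$session = new ArrayStore();
$session->set('state', bin2hex(random_bytes(16)));
$issued = $session->get('state');

// 2. Callback carrying the issued state, then one carrying a foreign value.
report('genuine callback, session intact', stateIsValid($session, $issued));
report('forged callback, session intact', stateIsValid($session, 'not-the-issued-state'));

// 3. Session lost between login and callback (store not shared with the
//    framework's session): nothing to compare against.
$lost = new ArrayStore();
report('genuine callback, session lost', stateIsValid($lost, $issued));

// 4. Writing the request's own state into the store first reduces the check
//    to comparing a value with itself, so it no longer distinguishes callbacks.
$forged = 'not-the-issued-state';
$lost->set('state', $forged);
report('forged callback, state copied from request', stateIsValid($lost, $forged));
```

Persisting the value at login time in a store that survives the redirect, such as the Laravel-session handler posted above, keeps the comparison meaningful.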
