Facebook SDKエラーです。 URLとセッションの「状態」パラメータが一致しない場合、エラーが発生したときにログインできます

Question

最初に私が奇妙な振る舞いを説明します。初めてログインしようとしました。フェイスブックのログインページにリダイレクトされています。ユーザーとパスし、私は上記のエラーが発生した私のサイトに送り返されます：

クロスサイトリクエスト偽造の検証に失敗しました。 URLとセッションの「状態」パラメータが一致しません。

もし私がURL（http://www.whateverxxxxxx.com/creartemporada.php- >>私はここから....）からフェイスブックコードなしでページをリロードし、再度ログインしようとすると、完全にログインします。

基本的には：リンクに....

<?php 
session_start(); 

require_once dirname(__FILE__). '/src/Facebook/autoload.php'; 

$fb = new Facebook\Facebook([ 
    'app_id' => 'xxxxxxxxxxxxxxxx', 
    'app_secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', 
    'default_graph_version' => 'v2.9', 
]); 

$helper = $fb->getRedirectLoginHelper(); 

$permissions = ['email']; // optional 

try { 
    if (isset($_SESSION['facebook_access_token'])) { 
     $accessToken = $_SESSION['facebook_access_token']; 
    } else { 
     $accessToken = $helper->getAccessToken(); 
    } 
} catch(Facebook\Exceptions\FacebookResponseException $e) { 
    // When Graph returns an error 
    echo 'Graph returned an error: ' . $e->getMessage(); 

    exit; 
} catch(Facebook\Exceptions\FacebookSDKException $e) { 
    // When validation fails or other local issues 
    echo 'Facebook SDK returned an error 1: ' . $e->getMessage(); // HERE IS WHERE I AM FIRST THROWN OUT:::: 
    exit; 
} 

if (isset($accessToken)) { 
    if (isset($_SESSION['facebook_access_token'])) { 
     $fb->setDefaultAccessToken($_SESSION['facebook_access_token']); 
    } else { 
     // getting short-lived access token 
     $_SESSION['facebook_access_token'] = (string) $accessToken; 

     // OAuth 2.0 client handler 
     $oAuth2Client = $fb->getOAuth2Client(); 

     // Exchanges a short-lived access token for a long-lived one 
     $longLivedAccessToken = $oAuth2Client->getLongLivedAccessToken($_SESSION['facebook_access_token']); 

     $_SESSION['facebook_access_token'] = (string) $longLivedAccessToken; 

     // setting default access token to be used in script 
     $fb->setDefaultAccessToken($_SESSION['facebook_access_token']); 
    } 

    // redirect the user back to the same page if it has "code" GET variable 
    if (isset($_GET['code'])) { 
     header('Location: creartemporada.php'); 
    } 

    // getting basic info about user 
    try { 
     $profile_request = $fb->get('/me?fields=name,email,id,picture.width(800).height(800),cover.width(300).height(175)'); 
     $profile = $profile_request->getGraphNode()->asArray(); 
    } catch(Facebook\Exceptions\FacebookResponseException $e) { 
     // When Graph returns an error 
     echo 'Graph returned an error: ' . $e->getMessage(); 
     session_destroy(); 
     // redirecting user back to app login page 
     header("Location: ./"); 
     exit; 
    } catch(Facebook\Exceptions\FacebookSDKException $e) { 
     // When validation fails or other local issues 
     echo 'Facebook SDK returned an error 2: ' . $e->getMessage(); 
     exit; 
    } 

    // printing $profile array on the screen which holds the basic info about user 

    $logOut = $helper->getLogoutUrl($_SESSION['facebook_access_token'], 'http://www.whateverxxxxxx.com/logout.php'); 
    echo "<a href='$logOut'>Log Out!</a>"; 


    // Now you can redirect to another page and use the access token from $_SESSION['facebook_access_token'] 
} else { 
    // replace your website URL same as added in the developers.facebook.com/apps e.g. if you used http instead of https and you used non-www version or www version of your website then you must add the same here 
    $loginUrl = $helper->getLoginUrl('http://www.whateverxxxxxx.com/creartemporada.php', $permissions); 
    echo '<a href="' . $loginUrl . '">Log in with Facebook!</a>'; 
} 

私はそれがmismachtであるために私のコードをポストしたかった質問を繰り返すことは申し訳ありません

...

Answer 1

私はここで解決策が最終的なコードで見つかりました私は追加しました $ _SESSION ['F BRLH_state '] = $ _ GET ['状態 '];

<?php 
session_start(); 

require_once dirname(__FILE__). '/src/Facebook/autoload.php'; 

$fb = new Facebook\Facebook([ 
    'app_id' => 'xxxxx', 
    'app_secret' => 'xxxxxx', 
    'default_graph_version' => 'v2.9', 
]); 

$helper = $fb->getRedirectLoginHelper(); 
$_SESSION['FBRLH_state']=$_GET['state']; 

$permissions = ['email']; // optional 

try { 
    if (isset($_SESSION['facebook_access_token'])) { 
     $accessToken = $_SESSION['facebook_access_token']; 
    } else { 
     $accessToken = $helper->getAccessToken(); 
    } 
} catch(Facebook\Exceptions\FacebookResponseException $e) { 
    // When Graph returns an error 
    echo 'Graph returned an error: ' . $e->getMessage(); 

    exit; 
} catch(Facebook\Exceptions\FacebookSDKException $e) { 
    // When validation fails or other local issues 
    echo 'Facebook SDK returned an error 1: ' . $e->getMessage(); 
    exit; 
} 

if (isset($accessToken)) { 
    if (isset($_SESSION['facebook_access_token'])) { 
     $fb->setDefaultAccessToken($_SESSION['facebook_access_token']); 
    } else { 
     // getting short-lived access token 
     $_SESSION['facebook_access_token'] = (string) $accessToken; 

     // OAuth 2.0 client handler 
     $oAuth2Client = $fb->getOAuth2Client(); 

     // Exchanges a short-lived access token for a long-lived one 
     $longLivedAccessToken = $oAuth2Client->getLongLivedAccessToken($_SESSION['facebook_access_token']); 

     $_SESSION['facebook_access_token'] = (string) $longLivedAccessToken; 

     // setting default access token to be used in script 
     $fb->setDefaultAccessToken($_SESSION['facebook_access_token']); 
    } 

    // redirect the user back to the same page if it has "code" GET variable 
    if (isset($_GET['code'])) { 
     header('Location: creartemporada.php'); 
    } 

    // getting basic info about user 
    try { 
     $profile_request = $fb->get('/me?fields=name,email,id,picture.width(800).height(800),cover.width(300).height(175)'); 
     $profile = $profile_request->getGraphNode()->asArray(); 
    } catch(Facebook\Exceptions\FacebookResponseException $e) { 
     // When Graph returns an error 
     echo 'Graph returned an error: ' . $e->getMessage(); 
     session_destroy(); 
     // redirecting user back to app login page 
     header("Location: ./"); 
     exit; 
    } catch(Facebook\Exceptions\FacebookSDKException $e) { 
     // When validation fails or other local issues 
     echo 'Facebook SDK returned an error 2: ' . $e->getMessage(); 
     exit; 
    } 

    // printing $profile array on the screen which holds the basic info about user 

    $logOut = $helper->getLogoutUrl($_SESSION['facebook_access_token'], 'http://www.xxxxwhatever.com/logout.php'); 
    echo "<a href='$logOut'>Log Out!</a>"; 


    // Now you can redirect to another page and use the access token from $_SESSION['facebook_access_token'] 
} else { 
    // replace your website URL same as added in the developers.facebook.com/apps e.g. if you used http instead of https and you used non-www version or www version of your website then you must add the same here 

    $loginUrl = $helper->getLoginUrl('http://www.xxxxwhatever.com/creartemporada.php', $permissions); 

    echo '<a href="' . $loginUrl . '">Log in with Facebook!</a>'; 
}