We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.
  1. Home
  2. Security

Facebook SDK returned an error: Cross-site request forgery validation failed. Required param "state" missing.

I has been following the problems that returned by facebook sdk in my phalcon project, when I does facebook login: Facebook SDK returned an error: Cross-site request forgery validation failed. Required param "state" missing. To resolve it, I consumed many times, but I didn't know reason of the problem.

Now I was located facebook-sdk-for-php-v5 in app/plugins/. My code is: class UserController extends ControllerBase { ... public function fb_init() { $fb = new FB(array( 'app_id' => '......', 'app_secret' => '..........', 'default_graph_version' => 'v2.5' ));

    return $fb->getRedirectLoginHelper();
}

public function fb_loginAction()
{
    $helper = $this->fb_init();
    //$permissions = ['email'];  Optional permissions
    $loginUrl = $helper->getLoginUrl('https://153.121.73.26/in-movie/user/fb_callback');
    foreach ($_SESSION as $k=>$v) {
        if(strpos($k, "FBRLH_")!==FALSE)
            if(setcookie($k, $v))
                $_COOKIE[$k]=$v;
    }
    $this->response->redirect($loginUrl);
}

public function fb_callbackAction()
{
    $helper = $this->fb_init();

    try {
        foreach ($_COOKIE as $k=>$v) {
            if(strpos($k, "FBRLH_")!==FALSE)
                $_SESSION[$k]=$v;
        }

        $accessToken = $helper->getAccessToken();
    } catch(Facebook\Exceptions\FacebookResponseException $e) {
        // When Graph returns an error
        $this->flash->error('Graph returned an error: ' . $e->getMessage());
    } catch(Facebook\Exceptions\FacebookSDKException $e) {
        // When validation fails or other local issues
        $this->flash->error('Facebook SDK returned an error: ' . $e->getMessage());
    }

    if (! isset($accessToken)) {
        if ($helper->getError()) {
            $errmsg = "Error: " . $helper->getError() . "<br/>";
            $errmsg .= "Error Code: " . $helper->getErrorCode() . "<br/>";
            $errmsg .= "Error Reason: " . $helper->getErrorReason() . "<br/>";
            $errmsg .= "Error Description: " . $helper->getErrorDescription() . "<br/>";
        } else {
            $errmsg = 'Bad request';
        }
        $this->flash->error($errmsg);
    }
    else
        $this->flash->success('Facebook login successfully!');

    $this->response->redirect('user/index');
}

}

Well, I look forward to hearing from you asap. Thanks you.



77.7k

Not really related to Phalcon, but some guesses:

Have you started your session service explicitly ($this->session->start();) before calling fb?

Try filling in default_access_token:

$fb = new Facebook\Facebook([
      'app_id' => 'APP-ID',
      'app_secret' => 'APP-SECRET',
      'default_graph_version' => 'v2.4',
      'default_access_token' => 'APP-ID|APP-SECRET'
]);


5.2k
in reply to Lajos Bencz

Not really related to Phalcon, but some guesses:

Have you started your session service explicitly ($this->session->start();) before calling fb?

Try filling in default_access_token:

$fb = new Facebook\Facebook([
     'app_id' => 'APP-ID',
     'app_secret' => 'APP-SECRET',
     'default_graph_version' => 'v2.4',
     'default_access_token' => 'APP-ID|APP-SECRET'
]);

session service started in service.php, and facebook-sdk autoload.php was called by require_once in public/index.php



77.7k

Setting up the session service won't actually start it... it will only initialize the first time you use get/set/delete/start. Try printing session_id() at the start of your action, it will be false if there is no call to the service before it.



5.2k

So then, Do i put in which action of my code this code snippet $this->session->start(); ? fb_init, fb_login or fb_callback?