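I have an application that has been using the Facebook PHP SDK for some time. I upgraded to the 4.0 SDK maybe 6 weeks ago, and my login code (a combination of FacebookRedirectLoginHelper and FacebookJavascriptHelper) has been working fine for the past month.
Since yesterday, I have been unable to log in with Facebook and get a valid Facebook session. I made no changes at all to the code between the day it was working fine and the moment it stopped working.
My Facebook login code is below. After some digging/debugging through the FB PHP SDK, I determined that the FacebookRedirectLoginHelper->isValidRedirect() function returns null/false at this check:
    return $this->getCode() && isset($_GET['state']) && $_GET['state'] == $this->state;
$_GET['state'] does not match $this->state.
The state generated when I call FacebookRedirectLoginHelper->getLoginURL() is passed back by Facebook to my redirect URL, but for some reason the PHP SDK seems to create a new state by the time I call getSessionFromRedirect().
I don't call getLoginURL() until after I call getSessionFromRedirect(), so I don't know where or why the SDK is resetting the state. As I mentioned, this code worked perfectly 2 days ago. I didn't change anything; it just stopped working from one day to the next.
If I comment out the state check in FacebookRedirectLoginHelper->isValidRedirect() (.. && $_GET['state'] == $this->state), everything works. But I don't want to do that, because I believe the check is there to protect against CSRF, and I also don't know what other unintended consequences the change might have.
Here is my code that handles the FB session (this runs on every page load):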
    // SDK 4.0 classes referenced below
    use Facebook\FacebookSession;
    use Facebook\FacebookRedirectLoginHelper;
    use Facebook\FacebookJavaScriptLoginHelper;
    use Facebook\FacebookRequestException;

    /**
     * Initialize the Facebook PHP SDK 4
     */
    FacebookSession::setDefaultApplication( CL_FB_APP_ID, CL_FB_APP_SECRET );
    $facebookLoginHelper = new FacebookRedirectLoginHelper( CLADDR );
    $facebookJavascriptLoginHelper = new FacebookJavaScriptLoginHelper();
    $facebookSession = null;

    // see if we've previously saved a facebook session token
    if ( isset( $_SESSION ) && isset( $_SESSION['fb_token'] ) ) {
        // create new fb session object from saved access_token
        cldbgmsg("Found fb_token in session");
        $facebookSession = new FacebookSession( $_SESSION['fb_token'] );
        // validate the access_token to make sure it's still valid
        try {
            if ( !$facebookSession->validate() ) {
                cldbgmsg("fb_token in session no longer valid");
                $facebookSession = null;
            }
        } catch ( Exception $e ) {
            // catch any exceptions, nullify the session variable if encountered
            cldbgmsg("Exception validating fb_token found in session" . $e);
            $facebookSession = null;
        }
    }

    // We didn't find a previously saved session token, so check to see if this is a new
    // facebook login
    if ( !isset( $facebookSession ) || $facebookSession === null ) {
        try {
            // Check for a new session coming from a redirect
            cldbgmsg("Checking for new facebook session from redirect");
            $facebookSession = $facebookLoginHelper->getSessionFromRedirect();
            //echo "facebooksession from redirect:"; echo "<pre>"; var_dump($facebookSession); echo "</pre>";
            if ( $facebookSession ) cldbgmsg("Found new facebook session from redirect");
            // If no new session from redirect, see if there is a new session set on the client side
            // via facebook javascript SDK
            if ( $facebookSession === null ) {
                cldbgmsg("checking for new facebook session from javascript SDK");
                // keep the helper's result; the original call discarded it
                $facebookSession = $facebookJavascriptLoginHelper->getSession();
                if ( $facebookSession ) cldbgmsg("Found new facebook session from Javascript SDK");
            }
        } catch ( Facebook\FacebookAuthorizationException $ex ) {
            // Auth code expired, so nullify the facebook session and delete the stored token
            echo "FacebookAuthorizationException getting session in init_facebook";
            //echo "<pre>"; var_dump($ex); echo "</pre>";
            $facebookSession = null;
            $_SESSION['fb_token'] = null;
            //die;
        } catch ( FacebookRequestException $ex ) {
            echo "FacebookRequestException getting session in init_facebook";
            echo "<pre>"; var_dump($ex); echo "</pre>";
            die;
        } catch ( Exception $ex ) {
            // When validation fails or other local issues
            echo "Exception getting session in init_facebook";
            echo "<pre>"; var_dump($ex); echo "</pre>";
            die;
        }
    }

    // If we still don't have a facebook session, generate a login URL that can be used where needed
    if ( !$facebookSession ) {
        cldbgmsg(" no fb session: generating url");
        // Get the login URL
        $talentLoginURL = $facebookLoginHelper->getLoginUrl( $talentFacebookPermissionScope );
    }
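
The state check quoted in the question, modeled as an added example (not part of the original post and not the SDK's code): a token is stored in the session when the login URL is issued and compared on the callback. `$store`, `oauth_state`, `callbackFor()` and the URLs are assumptions for illustration; the first case passes, while the regenerated-state and forged-callback cases fail.

```php
<?php
// Added illustration; not Facebook SDK code. $store stands in for $_SESSION,
// and the URL, key name and sample values are constructed.

/** Issue a login URL carrying a fresh state token bound to the session. */
function issueLoginUrl(array &$store): string
{
    // Each call replaces the previously stored state.
    $store['oauth_state'] = bin2hex(random_bytes(16));
    return 'https://provider.example/dialog/oauth?' . http_build_query([
        'redirect_uri' => 'https://app.example/callback',
        'state'        => $store['oauth_state'],
    ]);
}

/** Accept the callback only if it has a code and echoes the stored state. */
function isValidRedirect(array &$store, array $query): bool
{
    $expected = $store['oauth_state'] ?? null;
    unset($store['oauth_state']); // a state value is usable once
    if (!is_string($expected) || !isset($query['code'], $query['state'])
        || !is_string($query['state'])) {
        return false;
    }
    return hash_equals($expected, $query['state']); // constant-time compare
}

/** Build the query the provider would send back for a given login URL. */
function callbackFor(string $loginUrl): array
{
    parse_str((string) parse_url($loginUrl, PHP_URL_QUERY), $q);
    return ['code' => 'constructed-code', 'state' => $q['state']];
}

// 1. Normal flow: the callback echoes the state that is still stored.
$session = [];
$cb = callbackFor(issueLoginUrl($session));
printf("normal flow:       %s\n", var_export(isValidRedirect($session, $cb), true));

// 2. Another request in the same session issues a new URL before the callback.
$session = [];
$cb = callbackFor(issueLoginUrl($session));
issueLoginUrl($session);
printf("state regenerated: %s\n", var_export(isValidRedirect($session, $cb), true));

// 3. Callback arriving in a session that never issued this state (the CSRF case).
$victim = [];
$forged = ['code' => 'constructed-code', 'state' => 'not-issued-here'];
printf("forged callback:   %s\n", var_export(isValidRedirect($victim, $forged), true));
```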