我正在尝试实现facebooksdk,但在尝试获取令牌时遇到此错误。
Facebook SDK返回错误:跨站点请求伪造验证 失败。来自URL和会话的“状态”参数不匹配
回调文件的代码是
<?php session_start();
require_once __DIR__ . '/FacebookSDK/vendor/autoload.php';
$fbData = array(
'app_id' => ' ',
'app_secret' => ' ',
'default_graph_version' => 'v2.2'
);
$fb = new Facebook\Facebook($fbData);
$helper = $fb->getRedirectLoginHelper();
try {
$accessToken = $helper->getAccessToken();
// this token will be valid for next 2 hours
} catch(Facebook\Exceptions\FacebookResponseException $e) {
// When Graph returns an error
echo 'Graph returned an error: ' . $e->getMessage();
exit;
} catch(Facebook\Exceptions\FacebookSDKException $e) {
// When validation fails or other local issues
echo 'Facebook SDK returned an error: ' . $e->getMessage();
exit;
}
$uuid = $_GET['id'];
if (!$link = mysql_connect(' ', ' ', ' ')) {
echo '700';
exit;
}
if (!mysql_select_db('regt', $link)) {
echo '701';
exit;
}
$sql00 = "INSERT INTO fbconnect ".
"(agent, token,date,album) ".
"VALUES ".
"('".$uuid."', '".$accessToken."',CURRENT_TIMESTAMP(),NULL)";
mysql_select_db('regt');
$retval = mysql_query( $sql00, $link);
if(! $retval )
{
}
$code1 = $_REQUEST['code'];
$states = $_REQUEST['state'];
$url1 = 'secondlife:///app/fbc/connect/facebook?code=';
$url2 = $code1;
$state1 = $states;
$furl1 = $url1 . $url2 . $state1;
header("HTTP/1.1 302 Moved Permanently");
header('Location: '. $furl1);
//echo $accessToken;
?>
导致此错误的原因以及如何解决此问题?
这也是我在转发发送到此脚本的所有内容时得到的内容
array(3) { ["id"]=> string(36) "7a240011-1b54-4a91-be27-a5cf8f474a39" ["code"]=> string(323) "AQD6tVaYn-_9RMFhGDKpZBXyiRjpULu0Psz4fnuCj052obDHJPI5zdaEmrh0j3lWktRL2kUbBaz5cHKtqTHhAWEYmHs8n3HJSGdn5jsxjmZNBTMpuZOhQWkCKmpCQS5VFkpmEl0JoavdxjU5ppg_QrhMouaIstQ4JK2i1Zcp1DiSnRlecxDCMGKubpF1OZcskArESVe2QvRP0QWH_0W2Amej4LPyJpbJN--4g7yCDKfn-y4eTc1TYUfEEszHwALsH4wN01ZrTkKEesoxXcM8_lUO6H0B42qPXA4jLUDSLFqKw1_PHNK278qz9u677uHhEoA" ["state"]=> string(32) "a52351fce83560e076ea2c3195f478d8" } array(1) { ["FBRLH_state"]=> string(32) "ab0460ca778fd670578ffa4083070628" } Facebook SDK returned an error: Cross-site request forgery validation failed. The "state" param from the URL and session do not match.NULL
这是我的login.php文件
<?php session_start();
require_once __DIR__ . '/FacebookSDK/vendor/autoload.php';
$uuid = $_GET['id'];
$fbData = array(
'app_id' => ' ',
'app_secret' => ' ',
'default_graph_version' => 'v2.2'
);
$fb = new Facebook\Facebook($fbData);
$params = array('req_perms' => 'publish_actions');
$helper = $fb->getRedirectLoginHelper();
$loginUrl = $helper->getLoginUrl('http://osxchange.org/apps/callback.php?id='. $uuid, $params);
header("HTTP/1.1 301 Moved Permanently");
header('Location: '. $loginUrl);
?>