0

我对 Facebook SDK 有疑问。我不断收到以下错误:

CSRF 状态令牌与提供的不匹配

我没有之前建议的任何 RewriteRule 规则,所以这不是问题。为了知道问题出在哪里,我将 getCode() 函数更改为以下内容:

  protected function getCode() {
if (isset($_REQUEST['code'])) {
  if ($this->state !== null &&
      isset($_REQUEST['state']) &&
      $this->state === $_REQUEST['state']) {

    // CSRF state has done its job, so clear it
    $this->state = null;
    $this->clearPersistentData('state');
    return $_REQUEST['code'];
  } else {
    $add = "";
    if ($this->state == null)
        $add .= " State is null";
    if (!isset($_REQUEST['state']))
        $add .= " State is not set";
    if ($this->state !== $_REQUEST['state'])
        $add .= " States are not that same";
    self::errorLog('CSRF state token does not match one provided. problem:' . $add);
    return false;
  }
}

return false;

}

现在重新运行登录脚本后,出现以下错误:

CSRF 状态令牌与提供的不匹配。问题:状态为空状态不一样

有谁知道如何解决这个问题?

谢谢

4

2 回答 2

0

通过确保我发送请求的域与我得到答案的域相同,我的问题得到了解决。换句话说,www.website.com 与 website.com 不同。

于 2013-07-19T17:26:01.237 回答
-1

getCode函数替换为:

protected function getCode() {
  $server_info = array_merge($_GET, $_POST, $_COOKIE);

  if (isset($server_info['code'])) {
  if ($this->state !== null &&
  isset($server_info['state']) &&
  $this->state === $server_info['state']) {

// CSRF state has done its job, so clear it
    $this->state = null;
    $this->clearPersistentData('state');
    return $server_info['code'];
} else {
    self::errorLog('CSRF state token does not match one provided.');
    return false;
  }
}

return false;
}

该代码简单地结合了 $_GET、$_POST 和 $_COOKIE 数组,就像在 PHP 5.3.0 之前 $_REQUEST 的工作方式一样。希望能帮助到你。

于 2013-02-28T19:59:46.473 回答