我使用API Facebook登录我的网站,但是…从桌面浏览器登录正常,从移动浏览器登录返回错误。
手机浏览器的错误信息是:Facebook SDK returned an error: Cross-site request forgery validation failed. Required param "state" missing from persistent data.
在登录页面中,我使用此代码生成到facebook的链接(我使用的是Facebook PHP SDK)
登录
if(!session_id()) {
session_start();
}
$fb = new Facebook'Facebook([
'app_id' => APP_ID,
'app_secret' => APP_SECRET,
'default_graph_version' => 'v2.2'
]);
$helper = $fb->getRedirectLoginHelper();
$permissions = ['email']; // Optional permissions
$loginUrl = $helper->getLoginUrl(SERVER_CALLBACK, $permissions);
$facebook = htmlspecialchars($loginUrl);
这是回调
调
if(!session_id()) {
session_start();
}
$fb = new Facebook'Facebook([
'app_id' => APP_ID,
'app_secret' => APP_SECRET,
'default_graph_version' => 'v2.2',
'persistent_data_handler'=>'session'
]);
$helper = $fb->getRedirectLoginHelper();
try {
$accessToken = $helper->getAccessToken();
} catch(Facebook'Exceptions'FacebookResponseException $e) {
// When Graph returns an error
echo 'Graph returned an error: ' . $e->getMessage();
exit;
} catch(Facebook'Exceptions'FacebookSDKException $e) {
// When validation fails or other local issues
echo 'Facebook SDK returned an error: ' . $e->getMessage();
exit;
}
if (! isset($accessToken)) {
if ($helper->getError()) {
header('HTTP/1.0 401 Unauthorized');
echo "Error: " . $helper->getError() . "'n";
echo "Error Code: " . $helper->getErrorCode() . "'n";
echo "Error Reason: " . $helper->getErrorReason() . "'n";
echo "Error Description: " . $helper->getErrorDescription() . "'n";
} else {
header('HTTP/1.0 400 Bad Request');
echo 'Bad request';
}
exit;
}
// Logged in
// The OAuth 2.0 client handler helps us manage access tokens
$oAuth2Client = $fb->getOAuth2Client();
// Get the access token metadata from /debug_token
$tokenMetadata = $oAuth2Client->debugToken($accessToken);
// Validation (these will throw FacebookSDKException's when they fail)
$tokenMetadata->validateAppId(APP_ID);
// If you know the user ID this access token belongs to, you can validate it here
$tokenMetadata->validateExpiration();
if (! $accessToken->isLongLived()) {
// Exchanges a short-lived access token for a long-lived one
try {
$accessToken = $oAuth2Client->getLongLivedAccessToken($accessToken);
} catch (Facebook'Exceptions'FacebookSDKException $e) {
echo "<p>Error getting long-lived access token: " . $helper->getMessage() . "</p>'n'n";
exit;
}
}
我很奇怪,因为在桌面导航中一切都很正常,但在移动浏览器中却出了问题。
会话生成过程中出现问题。
错误代码:
if (ini_set('session.use_only_cookies', 1) === FALSE) exit();
// Forces sessions to only use cookies.
ini_set( 'session.cookie_httponly', 1 );
// This stops JavaScript being able to access the session id.
// Activate if you use a HTTPS connection
ini_set( 'session.cookie_secure', 0 );
// Sets the session name to the one set above.
session_name(NAME_SESSION);
session_set_cookie_params(3600 * 12);
session_start();
session_regenerate_id(TRUE); // <- This is the error
因为函数session_regenerate_id不能很好地处理不稳定的网络。例如手机和WiFi网络。因此,调用session_regenerate_id可能会丢失会话。