Cross-site request forgery validation failed. Required param "state" missing from persistent data

[niko-afv]

I hav this message:

Cross-site request forgery validation failed. Required param "state" missing from persistent data

in this code:

try { $token = $fb->getAccessTokenFromRedirect(); } catch (Facebook\Exceptions\FacebookSDKException $e) { dd($e->getMessage()); }

have you any idea, how can resolve it?

Thanks!

[ImFireblade]

I have the same problem....
I've checked the code and it seems that the session gets emptied after the redirect and i don't know why....
The session_id is the same to it's the same session and in the facebook_login the value are memorized correctly...
@SammyK is the only one who can save us...

[ImFireblade]

Ok maybe i've found the solution...At least for me it seems it works.
So go in the function ValidateCsrf() in FacebookRedirectLoginHelper.php and ut at the top of the function
$persistentDataHandler=new FacebookSessionPersistentDataHandler();

[foekall]

sameproblem here

[csimpi]

Same here
@SammyK any idea? I'm stuck.

[snortatu]

Same problem?? Any fix? Thanks @SammyK

[ivy47]

@foekall @snortatu @ImFireblade
As i can see, laravel does not use native php sessions. It has its own implementation for session handling.
https://github.com/laravel/framework/blob/5.8/src/Illuminate/Session/Middleware/StartSession.php#L49
As the facebook documentation says:

By default, the SDK will try to use the native PHP session for the persistent data store.
https://developers.facebook.com/docs/php/Facebook/5.0.0

Facebook SDK class accepts config, that has persistent_data_handler value.

If you wish to write your own persistent data handler, you can code your persistent data handler to the Facebook\PersistentData\PersistentDataInterface and set the value of persistent_data_handler to an instance of your custom handler.

So i created my own persistent data handler class that is implemeting Facebook\PersistentData\PersistentDataInterface and used it instead of default facebook persistent data handler.

Here goes my custom persistent data handler class code

namespace App\Classes\FacebookSdk;


use Facebook\PersistentData\PersistentDataInterface;

class LaravelSessionPersistentDataHandler implements PersistentDataInterface
{
    public function get($key)
    {
        return session()->get($key);
    }

    public function set($key, $value)
    {
        session()->put($key, $value);
    }
}

And config looks like this

'facebook_config' => [
        'app_id' => env('FACEBOOK_APP_ID'),
        'app_secret' => env('FACEBOOK_APP_SECRET'),
        'default_graph_version' => 'v2.10',
        //'enable_beta_mode' => true,
        //'http_client_handler' => 'guzzle',
        'persistent_data_handler' => new \App\Classes\FacebookSdk\LaravelSessionPersistentDataHandler()
    ],

[Saad-Afzal]

if (request('state')) {
$helper->getPersistentDataHandler()->set('state', request('state'));
}
Simply add above code in callback code before following
$accessToken = $helper->getAccessToken();