Docs: Fix state check example if session variable is not set (#946)

Co-authored-by: Frank Stuckenberg <[email protected]>
thephpleague · Apr 16, 2023 · 04041d3 · 04041d3
1 parent d4bcb32
commit 04041d3
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/docs/usage.md b/docs/usage.md
@@ -47,7 +47,7 @@ if (!isset($_GET['code'])) {
     exit;
 
 // Check given state against previously stored one to mitigate CSRF attack
-} elseif (empty($_GET['state']) || (isset($_SESSION['oauth2state']) && $_GET['state'] !== $_SESSION['oauth2state'])) {
+} elseif (empty($_GET['state']) || empty($_SESSION['oauth2state']) || $_GET['state'] !== $_SESSION['oauth2state']) {
 
     if (isset($_SESSION['oauth2state'])) {
         unset($_SESSION['oauth2state']);