My server logs show a "CSRF state token does not match one provided" error which seems to happen for almost every user. However, the users are created and/or authenticated
I had the same problem on my local machine, and the problem turned out to be that my hosts file was blocking communication with Verisign, so the URL Facebook tries to communicate with (http://crl.verisign.com/pca3.crl) never worked (state: 404).
Commenting out the various Verisign IP addresses from my hosts file did the trick!
Well, I've encountered this exact problem once, and I had a problem with the state & code parameters in the URL - my .htaccess file was not forwarding them.
I'm guessing you are having the same problem.
CSRF state token does not match one provided
Hope this helps
CSRF state and code are checked using local sessions. I bet you need to check your session.save_handler in your php.ini, and whether it is working properly.
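
The answers above point at two different failure points for the same error: the state and code parameters never reaching PHP, or the session that holds the expected state not surviving the redirect. The following is an added example, not part of any answer and not the Facebook SDK's code, that tells those cases apart; the function names and the oauth_state session key are hypothetical, and the sample requests are constructed.

```php
<?php
// Added example: classify why an OAuth callback's state check fails.
// diagnose_state(), new_state() and the 'oauth_state' key are hypothetical names.

// Before redirecting to the provider: create and store an unguessable token.
function new_state(array &$session): string
{
    $session['oauth_state'] = bin2hex(random_bytes(16));
    return $session['oauth_state'];
}

// On the callback: compare what came back with what was stored.
function diagnose_state(array $query, array $session): string
{
    $sent   = $query['state'] ?? null;          // value echoed back by the provider
    $stored = $session['oauth_state'] ?? null;  // value saved before the redirect

    if (!is_string($sent) || !isset($query['code'])) {
        // The query string never reached PHP: check the rewrite rules
        // in .htaccess (for example a RewriteRule without the QSA flag).
        return 'params_missing';
    }
    if (!is_string($stored)) {
        // The session did not survive the round trip: check
        // session.save_handler, session.save_path and the cookie scope.
        return 'session_missing';
    }
    // Constant-time comparison of the two tokens.
    return hash_equals($stored, $sent) ? 'ok' : 'mismatch';
}

// Constructed sample requests; run with: php diagnose.php
$session = [];
$state   = new_state($session);
$cases   = [
    'healthy'             => [['state' => $state, 'code' => 'x'], $session],
    'rewrite drops query' => [[], $session],
    'session lost'        => [['state' => $state, 'code' => 'x'], []],
    'stale or forged'     => [['state' => 'not-the-token', 'code' => 'x'], $session],
];
foreach ($cases as $label => [$query, $stored]) {
    printf("%-20s %s\n", $label, diagnose_state($query, $stored));
}
```

Logging the returned label on the real callback (with `$_GET` and `$_SESSION` as the two arguments) shows which of the causes applies without weakening the check itself.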