Why does getSessionFromRedirect() return NULL?

Posted 2019-01-14 12:38

I have the following code which redirects the user to log into Facebook and tries to retrieve the session, but the session is NULL:

<?php

session_start();

require 'vendor/autoload.php';

use Facebook\FacebookSession;
use Facebook\FacebookRedirectLoginHelper;

FacebookSession::setDefaultApplication('Foo', 'Bar');

$helper = new FacebookRedirectLoginHelper('Baz');
$loginUrl = $helper->getLoginUrl();  

echo '<a href="' . $loginUrl . '">Log In</a>';  

$session = $helper->getSessionFromRedirect();  

// This displays [NULL] always
echo '[' . gettype($session) . ']';

?>

I don't understand why the $session is always NULL. Please help.

8 answers
兄弟一词,经得起流年.
Reply #2 · 2019-01-14 13:06

OK, so the goal was to get a FacebookSession. There need to be 2 pages: 1 for displaying the Log In link and the other to accept the instance of FacebookSession. In page1.php put:

<?php

session_start();

require 'vendor/autoload.php';

use Facebook\FacebookSession;
use Facebook\FacebookRedirectLoginHelper;

FacebookSession::setDefaultApplication('foo', 'bar');

$helper = new FacebookRedirectLoginHelper('page2.php');
$loginUrl = $helper->getLoginUrl();

echo '<a href="' . $loginUrl . '">Log In</a>';

?>

In page2.php put:

<?php

session_start();

require 'vendor/autoload.php';

use Facebook\FacebookSession;
use Facebook\FacebookRedirectLoginHelper;

FacebookSession::setDefaultApplication('foo', 'bar');

$helper = new FacebookRedirectLoginHelper('page2.php');

// Now you have the session
$session = $helper->getSessionFromRedirect();
?>

Thanks Fosco for your help.

来,给爷笑一个
Reply #3 · 2019-01-14 13:10

There is a bug in FacebookRedirectLoginHelper.php, line 214!

Change $_GET['state'] to $_SESSION['state'], from this:

  /**
   * Check if a redirect has a valid state.
   *
   * @return bool
   */
  protected function isValidRedirect()
  {
    $savedState = $this->loadState();
    if (!$this->getCode() || !isset($_GET['state'])) {
      return false;
    }
    $givenState = $_GET['state'];
    $savedLen = mb_strlen($savedState);
    $givenLen = mb_strlen($givenState);
    if ($savedLen !== $givenLen) {
      return false;
    }
    $result = 0;
    for ($i = 0; $i < $savedLen; $i++) {
      $result |= ord($savedState[$i]) ^ ord($givenState[$i]);
    }
    return $result === 0;
  }

to this:

  /**
   * Check if a redirect has a valid state.
   *
   * @return bool
   */
  protected function isValidRedirect()
  {
    $savedState = $this->loadState();
    if (!$this->getCode() || !isset($_SESSION['state'])) {
      return false;
    }
    $givenState = $_SESSION['state'];
    $savedLen = mb_strlen($savedState);
    $givenLen = mb_strlen($givenState);
    if ($savedLen !== $givenLen) {
      return false;
    }
    $result = 0;
    for ($i = 0; $i < $savedLen; $i++) {
      $result |= ord($savedState[$i]) ^ ord($givenState[$i]);
    }
    return $result === 0;
  }
再贱就再见
Reply #4 · 2019-01-14 13:13

I had the same problem doing all of the above, and I fixed it by

Changing the App Setting. Facebook Developers -> My App -> Settings -> Advanced -> Valid OAuth redirect URIs -> Add '/' at the end of the directory. If it's a file, then end the path at the directory that the file is in.

一纸荒年 Trace。
Reply #5 · 2019-01-14 13:17

You can do the session loading, login redirect and API call all from the single page if required. This tutorial shows you how it can be done.

戒情不戒烟
Reply #7 · 2019-01-14 13:20

You should be calling getSessionFromRedirect only on the page Facebook redirects the user to after login. Then store that session somewhere, like $_SESSION, and re-use it elsewhere.

The issue is, when you generate the login url again, it changes the 'state' variable used to protect against CSRF.

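
The state check that the last answer describes, as an added example that is not part of the original thread and not the Facebook SDK's code: it shows why regenerating the login URL on the callback page makes validation fail, and why the check has to compare against the state carried by the request. The helpers `buildLoginUrl` and `callbackQuery`, the `idp.example` and `app.example` URLs, and the sample values are assumptions made for illustration; plain arrays stand in for `$_SESSION` and `$_GET`.

```php
<?php
// Added illustration, not the Facebook SDK's code. Plain arrays stand in for
// $_SESSION and $_GET so the script runs from the command line.

/** Build a login URL and save a fresh random state (hypothetical helper). */
function buildLoginUrl(array &$session, string $redirectUri): string
{
    $session['state'] = bin2hex(random_bytes(16));
    return 'https://idp.example/dialog/oauth?' . http_build_query([
        'redirect_uri' => $redirectUri,
        'state'        => $session['state'],
    ]);
}

/** Accept the callback only if it echoes the state saved for this browser. */
function isValidRedirect(array $session, array $query): bool
{
    if (!isset($query['code'], $query['state'], $session['state'])) {
        return false;
    }
    // A crafted query string can make the parameter an array; reject it.
    if (!is_string($query['state'])) {
        return false;
    }
    return hash_equals($session['state'], $query['state']); // constant time
}

/** Simulate the provider redirecting back with the state from the URL. */
function callbackQuery(string $loginUrl): array
{
    parse_str(parse_url($loginUrl, PHP_URL_QUERY), $params);
    return ['code' => 'constructed-code', 'state' => $params['state']];
}

// Case 1: page 1 builds the URL, page 2 only validates. The states match.
$session = [];
$query = callbackQuery(buildLoginUrl($session, 'https://app.example/page2.php'));
var_dump(isValidRedirect($session, $query));

// Case 2: the callback page rebuilds the login URL before validating, which
// overwrites the saved state, so the genuine callback is rejected.
buildLoginUrl($session, 'https://app.example/page2.php');
var_dump(isValidRedirect($session, $query));

// Case 3: a callback with a state this session never issued (constructed
// value) is rejected; this is the CSRF protection the state provides.
$forged = ['code' => 'constructed-code', 'state' => str_repeat('0', 32)];
var_dump(isValidRedirect($session, $forged));
```

A check that never reads the state from the request cannot tell case 3 apart from case 1.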