Last Updated: February 25, 2016
· zejesago

Facebook PHP SDK Not Handling Code/State Parameters

November 16, 2013


I've been having a problem with Facebook this week. It's that kind of bug that makes you crazy. You don't know if the problem lies in the code that you think works or the package that you know works. I've created a wrapper library for Facebook PHP SDK, called Laravel Facebook (previously Laravel Social). Hence, I initially thought I had done something wrong, so I dumped it from my project and then used the SDK plainly.

The Problem

After using the Facebook PHP SDK in my project, other people have been finding it unreliable to log in to the website through Facebook. All that I could say was, "it works for me." Whenever they try to log in, they just get redirected back to the redirect_uri without errors.

At first, I thought that this could possibly be some session issue with Facebook and Laravel. But trying to isolate the problem further, I found out that the system had been receiving code and state parameters from Facebook. These are what you would use when logging in manually, without the SDK. However, given the straightforward example of the SDK, this should already be handled by it.

The Solution

Thank you, phwd! I had wasted around half a day Googling for "facebook code/state redirect" before I mindlessly wandered off to his answer to a seemingly unrelated question. Surprisingly for me, I realized that the SDK required getLoginUrl() to be called, since it will establish a CSRF token for use with the code and state parameters. On the other hand, my production configuration was set to cache my output. This meant that getLoginUrl() could never be called when serving the cached output.

Simply fixed the bug by disabling the cache. #phew
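The failure described above can be reproduced with a small model of an OAuth state check. This is an added example, not the Facebook PHP SDK's source and not code from the original post; buildLoginUrl(), acceptCallback(), stateFromUrl(), the $session arrays, the app id placeholder and the example.test URL are all assumptions made for illustration.

```php
<?php
// Simplified model of an OAuth "state" (CSRF) check. Hypothetical helpers,
// not the SDK's implementation. $session stands in for one visitor's
// server-side session.

function buildLoginUrl(array &$session, string $redirectUri): string
{
    // Building the URL is the step that creates and stores the token.
    $session['state'] = bin2hex(random_bytes(16));
    return 'https://www.facebook.com/dialog/oauth?' . http_build_query([
        'client_id'    => 'APP_ID_PLACEHOLDER',
        'redirect_uri' => $redirectUri,
        'state'        => $session['state'],
    ]);
}

function acceptCallback(array &$session, array $query): bool
{
    $expected = $session['state'] ?? null;
    unset($session['state']); // a token is valid for one callback only
    if ($expected === null || !isset($query['code'], $query['state'])) {
        return false; // nothing was issued for this session, or params missing
    }
    // Constant-time comparison of the stored and returned tokens.
    return hash_equals($expected, (string) $query['state']);
}

function stateFromUrl(string $url): string
{
    parse_str(parse_url($url, PHP_URL_QUERY), $params);
    return $params['state'];
}

$redirect = 'https://example.test/login/callback'; // constructed value

// Visitor A causes a real render: the token is stored in A's session,
// so the callback carrying the same state is accepted.
$sessionA = [];
$renderedLink = buildLoginUrl($sessionA, $redirect);
$callback = ['code' => 'constructed-code', 'state' => stateFromUrl($renderedLink)];
var_dump(acceptCallback($sessionA, $callback));

// Visitor B is served the cached HTML containing A's link. buildLoginUrl()
// never ran for B, so B's session holds no token and the callback is rejected.
$sessionB = [];
$callback = ['code' => 'constructed-code', 'state' => stateFromUrl($renderedLink)];
var_dump(acceptCallback($sessionB, $callback));
```

The state check is doing its job in the second case; the page that renders the login link has to stay out of the output cache so each visitor gets a token bound to their own session.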

Laravel Facebook is a package that I created for practice with Laravel and use with projects.