When you build the Facebook request, you usually have a URI like this...
// If you want to enable CSRF, you can build some unique state and save it to session
$csrf_state = md5(uniqid(rand(), TRUE));
$this->session->set_userdata('fb_csrf_state', $csrf_state);
$dialog_url = 'http://www.facebook.com/dialog/oauth?client_id='
    . $app_id . '&redirect_uri=' . urlencode($redirect_url)
    . '&scope=publish_stream,user_about_me,user_birthday'
    . '&state='
    . $csrf_state;
If you enable CSRF, then usually you need to save the above $csrf_state in the session, redirect the user to Facebook, and then check it against the request that comes back from Facebook (alongside $_GET['code']):
// Then you can inspect the CSRF state
if($this->session->userdata('fb_csrf_state') == $_REQUEST['state'])
{
// This request valid, process...
}
else
{
// CSRF not valid, give user a warning
echo "You may be a CSRF victim, please try again";
}
Thanks @i_forget, I edited my question earlier – insomiac
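A hardened version of the same state round-trip, written here as an added example (it is not code from the answer above). It assumes a plain PHP `$_SESSION` store instead of CodeIgniter's `$this->session`, and the `$app_id`, `$redirect_url` and scope values are placeholders. The changes a reviewer would want over the snippet above: the token comes from the CSPRNG rather than `md5(uniqid())`, the URL is assembled with `http_build_query()` so every parameter is encoded, the comparison is strict and constant-time, and the token is consumed on first use and expires.

```php
<?php
// Added example, not part of the original answer. Assumes a plain $_SESSION
// store; $appId, $redirectUrl and the scope list are placeholders.

declare(strict_types=1);

const FB_DIALOG_URL = 'https://www.facebook.com/dialog/oauth';

// Step 1: mint an unguessable state token and remember it server-side,
// then build the dialog URL the user is redirected to.
function beginFacebookLogin(string $appId, string $redirectUrl, array $scopes): string
{
    // 32 bytes from the CSPRNG, hex-encoded so the value is URL-safe.
    $state = bin2hex(random_bytes(32));
    $_SESSION['fb_csrf_state']        = $state;
    $_SESSION['fb_csrf_state_issued'] = time();

    // http_build_query() percent-encodes each value, so no manual urlencode().
    return FB_DIALOG_URL . '?' . http_build_query([
        'client_id'    => $appId,
        'redirect_uri' => $redirectUrl,
        'scope'        => implode(',', $scopes),
        'state'        => $state,
    ]);
}

// Step 2: on the callback, verify the state before doing anything with $_GET['code'].
// $query is normally $_GET; $maxAgeSeconds bounds how long a login attempt stays valid.
function verifyFacebookState(array $query, int $maxAgeSeconds = 600): bool
{
    $expected = $_SESSION['fb_csrf_state'] ?? null;
    $issued   = $_SESSION['fb_csrf_state_issued'] ?? 0;

    // Single-use token: clear it whether or not the check passes, so a
    // replayed callback URL cannot succeed a second time.
    unset($_SESSION['fb_csrf_state'], $_SESSION['fb_csrf_state_issued']);

    // Reject a missing token, a missing parameter, or a non-string (e.g. state[]=x).
    if (!is_string($expected) || !isset($query['state']) || !is_string($query['state'])) {
        return false;
    }
    if (time() - (int) $issued > $maxAgeSeconds) {
        return false; // stale login attempt
    }
    // Constant-time, strict comparison instead of the loose '==' in the snippet above.
    return hash_equals($expected, $query['state']);
}

// Usage sketch; session_start() must run before either function is called.
//
// session_start();
// header('Location: ' . beginFacebookLogin($app_id, $redirect_url, ['email']));
// exit;
//
// ...later, in the redirect_uri handler:
// if (!verifyFacebookState($_GET)) {
//     http_response_code(400);
//     exit('State mismatch: possible CSRF, please start the login again.');
// }
// $code = $_GET['code']; // only now exchange it for an access token
```

Consuming the token inside `verifyFacebookState()` regardless of outcome matters: if the stored state survived a failed check, an attacker-supplied callback could be retried until it matched, and a legitimate callback could be replayed from browser history.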