facebook - The "state" param from the URL and session do not match -

in facebook documantion

require('include/facebook/autoload.php'); //sdk directory $fb = new facebook\facebook([ 'app_id' => '***********', 'app_secret' => '***********************' ]);  $helper = $fb->getredirectloginhelper(); $permissions = ['email', 'public_profile']; // optional $loginurl = $helper->getloginurl('http://www.meusite.com.br/login-callback.php', $permissions); 

when direct url $loginurl, return is: facebook sdk returned error: cross-site request forgery validation failed. "state" param url , session not match

i had same error.

the problem occurred because did getloginurl(...) before getaccesstoken()

so rid of getloginurl(...) in redirected url , code should works.