So, we're using the module on an Acquia setup. I'd guess that 95% of the time trying to log in goes fine, but now and then we're getting the annoying 'Required param "state" missing from persistent data' exception from the Facebook SDK.

Now, when we moved to Fastly, we were getting this all the time so we reverted back to not using Fastly and most people can login again.

So for some reason, the PHP session and the state param aren't there when the user returns from Facebook. I've looked at the URLs and they seem fine. There's only one server and the Simple FB Connect persistent data handler is using the Drupal session for sure, as I'm seeing data in that table for both authenticated users (after they are authenticated) and anonymous users, so it's definitely writing data.

One thing that might trigger this (although not sure) is that there are reverse proxies before hitting the server. In Acquia's setup, there are two, so the chance you're coming back via the same one is pretty high. With Fastly you're not totally sure of that as there are many.

We're a bit in the dark. I've been wondering whether I should just comment out the $this->validateCsrf() call to skip that security check. What could go wrong with it?

Or would there be a different way to store that state (e.g. database?) but how do we make sure we are dealing with the same user then?

Comments

swentel created an issue. See original summary.

masipila’s picture

I'm almost sure that this is an issue with the reverse proxies. We had a similar issue with Pantheon which we were able to work around, see https://www.drupal.org/node/2839766#comment-11855455

If you're able to search a solution from the SDK documentation / Facebook developer support, I'm happy to improve the Simple FB Connect module.

Cheers,
Markus

swentel’s picture

Thanks for the response. That code is already in place so that doesn't seem to be working.

I will debug some more on a test server to see what's going wrong, but yeah, it's a combo of either reverse proxies on Acquia or the way Fastly is set up. Hope to get some more insight tomorrow.

masipila’s picture

Hi,

I'd highly recommend you open a ticket with Facebook Developer Support. The link was in my previous comment. They were able to help us narrow down the issue in the Pantheon case (i.e. the other issue I was referring to), which of course was a completely different story, but my point is that they might be able to give valuable hints for your debugging / troubleshooting. If you don't flag your Facebook ticket as private, I can try to give my 2 cents there if I see something I could contribute from the Simple FB Connect point of view.

Markus

swentel’s picture

Status: Active » Closed (works as designed)

So after some debugging we figured out that the problem was at Fastly.

Excluding the simple-fb-connect paths fixed the problem (even though the routes explicitly tell it not to cache).

req.url ~ "^/user/simple-fb-connect" ||
req.url ~ "^/user/simple-fb-connect/return"

masipila’s picture

Many thanks for the follow-up! I will add this to the module handbook / documentation so that other site builders that are using reverse proxies or use external caching mechanisms would find these instructions.

Thanks again,
Markus
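An added check, not part of the original thread or of the Simple FB Connect module: it inspects login-start responses fetched by two independent cookie-less clients and flags the conditions under which the per-session `state` cannot survive an edge cache. It assumes the edge exposes `X-Cache` and `Age` headers and that the redirect carries `state` in its `Location` URL; the sample responses, `APP_ID` and function names are constructed for illustration.

```python
from urllib.parse import urlparse, parse_qs

FB = "https://www.facebook.com/dialog/oauth?client_id=APP_ID&state="

# Constructed responses for GET /user/simple-fb-connect from two fresh clients.
HEALTHY = [
    {"Location": FB + "aaa111", "Set-Cookie": "SESSx=one; HttpOnly", "X-Cache": "MISS"},
    {"Location": FB + "bbb222", "Set-Cookie": "SESSx=two; HttpOnly", "X-Cache": "MISS"},
]
# Second client receives the first client's redirect straight from the cache.
CACHED = [
    {"Location": FB + "ccc333", "Set-Cookie": "SESSx=one; HttpOnly", "X-Cache": "MISS"},
    {"Location": FB + "ccc333", "X-Cache": "HIT", "Age": "42"},
]


def normalize(headers):
    """Lower-case header names so lookups are case-insensitive."""
    return {name.lower(): value for name, value in headers.items()}


def state_of(headers):
    """Extract the OAuth state parameter from the redirect target, if any."""
    query = urlparse(normalize(headers).get("location", "")).query
    return parse_qs(query).get("state", [None])[0]


def check_login_start(responses):
    """Return findings; an empty list means each client got its own state."""
    findings = []
    states = []
    for i, raw in enumerate(responses):
        h = normalize(raw)
        state = state_of(raw)
        if state is None:
            findings.append(f"response {i}: redirect has no state parameter")
        else:
            states.append(state)
        if "set-cookie" not in h:
            findings.append(f"response {i}: no Set-Cookie, no session to hold state")
        age = h.get("age", "0")
        if "hit" in h.get("x-cache", "").lower() or (age.isdigit() and int(age) > 0):
            findings.append(f"response {i}: served from cache")
    if len(states) != len(set(states)):
        findings.append("same state value issued to different clients")
    return findings
```

An empty result for the login-start path, repeated for the `/return` path, is the behaviour the CSRF check depends on; any finding points at the edge configuration rather than at `validateCsrf()`.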