I have implement log-in logout with quickstart php. and now i am getting this error. PHP Fatal error: Uncaught Auth0\SDK\Exception\StateException: Invalid state in C:\webpages\phptest\vendor\auth0\auth0-
if ($auth0->getExchangeParameters()) {
// If they’re present, we should perform the code exchange.
$auth0->exchange();
}
$session = $auth0->getCredentials();
if ($session === null) {
// User is not logged in!
// Redirect to the Universal Login Page for authentication.
header("Location: " . $auth0->login());
exit;
echo $session;
}
function () use($auth0) {
// Clear the user’s local session with our app, then redirect them to the Auth0 logout endpoint to clear their Auth0 session.
header("Location: " . $auth0->logout(‘http://localhost/phptest/login.php’));
echo ‘logged out’;
exit;
};
echo json_encode($auth0,JSON_PRETTY_PRINT);
echo json_encode($session,JSON_PRETTY_PRINT);
Perfect! In order to handle that most effectively can I ask you to raise it as a GitHub issue here:
so we can work on that directly with the quickstart maintainer and solve it in the shortest period of time? Once you have a link to it please share it here so we can ping them. Thank you!
An invalid state occurs when the SDK encounters an issue reading anticipated cookies. When login() is called, a series of temporary cookies are stored on the client device. After authenticating with Auth0 and being returned to the application, during the exchange() call, the SDK checks that those cookies are present and match up with what was expected. An invalid state is thrown when they do not.
There could be any number of things interfering there:
Browser settings or policies blocking cookies.
Mixing 127.0.0.1 and localhost (each is considered a uniquely different host, and therefore has separate browser cookie jars.)
Proxying web server software interfering with cookies (this is often the case with Apache and Nginx; make sure you up their cookie header limits if you’re using those.)
Thanks for your question.