'Invalid state' on mobile but not on Windows

My application is throwing this exception on mobile but not on other versions.

'Auth0\SDK\Exception\CoreException' with message 'Invalid state' in
/home/content/85/8824185/html/vendor/auth0/auth0-php/src/Auth0.php:558

The issue seems to be stemming from SessionStateHandler, more specifically validate. Running some validation on this code shows that self::STATE_NAME and $state are equal, but $valid is set to 1 on Desktop Firefox, however on mobile it is set to blank, causing the invalid state exception.

public function validate($state)
{
    $valid = $this->store->get(self::STATE_NAME) == $state;
    $this->store->delete(self::STATE_NAME);
    return $valid;
}

Desktop user agent: Firefox 71.0
Mobile user agent: Android 9 Firefox 68.0

Do you know why this would be happening? Thank you!

Hey there @s_spilker!

Welcome in our community! Can you raise the issue in the repo:

providing the same context as here so that repo maintainers can take a look at it and effectively troubleshoot that? Thank you! Make sure to share the link to the issue here so I can ping them!

Hey there!

Have you had a chance to open the GitHub issue in the meantime?

Hello, I have submitted the issue on GitHub.

https://github.com/auth0/auth0-PHP/issues/409

1 Like

Perfect! I will let repo maintainers to look at it then!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.