经过大量调试和会话处理程序测试。我意识到主要的问题是PHP 5.5仍然保持状态会话。而query_string状态码与状态码无法匹配。所以总是在PHP 5.5上的CSRF问题。

我将使用php 5.4安装新的服务器。会让你了解这个错误。

I have 2 different servers and one has login problem with facebook. After days and hours debugging , I realized that I can get only one session from facebook session array.

Server with Php-Fpm and Nginx has also memcached installed on server. But never record sessions on memcached.

PS: I realized that my facebook login doesn't work properly, when we installed ssl on our server. Till 19th of june, my facebook app summary doesn't show any active users.

I already asked a question before debugging my server, so this question different than this question but you could have some clues there.

Codeigniter getuser() returns 0 after facebook dialog

Array
(
    [fb_318641601624810_state] => a44e40cd3f78e7bd3ff39308aebf32ef
)

Hosting from hostgator

Array
(
    [69a781bf56f6d6bfec49fd65c890f879_fb_136649313157374_state] => 6df72b81b5be574ea5b263ef97225b3b
    [fb_319000531588917_code] => AQCAGxOs9dtrS9ppFC6NhLOiWc1moSLPMl0JewkEYYrBWKP7PvL9hv_LuV6vv3pmBzmawpQ8J5aj3hl9ZEiHEWlm5hw9EroLH_JOVXv3YvJcZfdzknQ1QscPnEQr8DgYbFOH-_S193p7Fv2PNd0U3IR1zE1Jb9YOjHorzWjW5iyrGzu2mF3g7Nmg2ONEibmlNQUKUwljcUC7lyzxeC6qjHMEkYqDm3-f8xWx7OjVtQQzFoRZzXgTOislJ7-JQ0LHnu4kZjT46Q0K64Bvz040ab2hwoRjyiUIgWwFpctuYMtqYxxRnt2nJXNRCn8oigF_LB0
    [fb_319000531588917_access_token] => CAAEiIRleVzUBACpazeUMcTvULMpPZADu5QwiPpAU0RUmHGIFNkWsvfQKPCvBpC3ZA8C1IfuALn0YVyobGffp52o1ZBJbpiPSx66ZBO6MGoEZBhRkLjsjIZASRxvNyLhj5mqddxbcREZCznuYyeVLZAa97IiHA9ZC3arkJZBThtuYylLym8jG8zdTtaHIoG0oKKeb8ZD
    [fb_319000531588917_user_id] => 608666757
)

I start to compare php.ini confs but there is no luck, is it possible have problem like this? Or am I debugging wrong? Because I have been working on this for 2-3 days and I'm nearly getting crazy.

My testing page both of them are different apps for testing. These are not Codeigniter based testing pages they are simple php sdk's, I wanted to know that if the problem is with Codeigniter.

So the problem is my nginx site never get return access_token in session array.

You could compare my phpinfo files from here.

Compare Phpinfo files

I will be really happy if you could help me on debugging this problem, now nobody could sign up or login from my facebook login.

Just only one scenario works, if user already granted my app in past. User has to click login again after access token error.

After alot debugging and session handler tests. I realized that the main problem is PHP 5.5 still keeps state session. And query_string state code couldn't match state codes. So always CSRF problem on PHP 5.5.

I will install new server with php 5.4. Will keep you about this bug.