Laravel Socialite: InvalidStateException

Question

I\'m using Laravel Socialite to add a Facebook connect button on a website. Sometimes, I\'ve got this error on callback:

exception \'Laravel\\Socialite\\Two\         


        

Answer 1

2020/04

If this issue appeared for you around Feb. 2020, there is a good chance it has to do with Google Chrome version 80+ which was released in the beginning of Feb. 2020. I am not going to pretend I understand the issue in it's entirety, but in short Google Chrome treats cookies now as SameSite=Lax by default if no SameSite attribute is specified.

If your app depends on working cross-site cookies, you will need to add "SameSite=None; Secure" to your cookies. In Laravel 5.5+ you can achieve that with two changes in the session configuration:

config/session.php

'secure' => env('SESSION_SECURE_COOKIE', true), // or set it to true in your .env file

...

'same_site' => "none",

The "none" value was apparently not supported in earlier Laravel versions. But it is now, if this produces a weird error check /vendor/symfony/http-foundation/Cookie.php and make sure there is a SAMESITE_NONE constant. If it doesn't exist you probably need to upgrade your Laravel version.

Further reading:

• https://www.chromestatus.com/feature/5088147346030592
• https://web.dev/samesite-cookies-explained/