LaravelFacebookSdk

The “state” param from the URL and session do not match when leaving browser open too long

Open GQwebsites opened this issue 7 years ago • 0 comments

I'm getting this error when leaving my browser window open for an extended amount of time, say 3 hours, then trying to log in to my site through Facebook using the Facebook SDK:

Facebook sdk error : Cross-site request forgery validation failed. The “state” param from the URL and session do not match

I'm using Laravel 5.3. If I open a new window and then try to log in, everything works fine.

I know it has something to do with sessions.

I want it so that if that error appears, all a user has to do is refresh the page and then they can log in using Facebook.

The problem is that if a user logs in using Facebook, they get redirected to mysite/facebookcallback, then on refresh it's again mysite/facebookcallback and the same error appears.

I'm assuming I somehow need to create a new session: in the case where a user leaves their browser window open for, say, 3 hours and then tries to log in using Facebook, a new session gets created, thus avoiding the error. But I only need to do that if the session is old.

The only solution I could think of was to add a route redirect in FacebookRedirectLoginHelper:

```php
protected function validateCsrf()
{
    $state = $this->getState();
    if (!$state) {
        throw new FacebookSDKException('Cross-site request forgery validation failed. Required GET param "state" missing.');
    }
    $savedState = $this->persistentDataHandler->get('state');
    if (!$savedState) {
        throw new FacebookSDKException('Cross-site request forgery validation failed. Required param "state" missing from persistent data.');
    }

    if (\hash_equals($savedState, $state)) {
        return;
    }

    // refresh back to home page if all else fails
    return redirect()->route('home');
    // Unreachable once the return above is added:
    throw new FacebookSDKException('Cross-site request forgery validation failed. The "state" param from the URL and session do not match.');
}
```

I really don't want to mess with the Facebook validateCsrf() function, but I'm not sure what else I can do?

GQwebsites · Aug 16 '17 19:08
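One way to get the behaviour asked for while leaving the SDK's `validateCsrf()` untouched, as an added example that is not part of the original issue or of the project's code: catch the exception in the callback route and send the user back to a page whose login link builds a fresh `state`. The `/facebooklogin` path, the `facebook.login` route name, the flash-message texts and the session key are assumptions; `home` and `/facebookcallback` come from the post.

```php
<?php
// routes/web.php (Laravel 5.3). Added example, not project code.

use Facebook\Exceptions\FacebookSDKException;
use Illuminate\Support\Facades\Log;
use SammyK\LaravelFacebookSdk\LaravelFacebookSdk;

// Start of the flow. Building the login URL generates a new "state" and
// stores it in the *current* session, so a user whose old session expired
// gets a matching pair again simply by coming back through this route.
Route::get('/facebooklogin', function (LaravelFacebookSdk $fb) {
    return redirect($fb->getLoginUrl(['email']));
})->name('facebook.login'); // hypothetical route name

Route::get('/facebookcallback', function (LaravelFacebookSdk $fb) {
    try {
        // Runs the SDK's unmodified CSRF check on the "state" parameter.
        $token = $fb->getAccessTokenFromRedirect();
    } catch (FacebookSDKException $e) {
        // State missing or mismatched: the session that stored it expired,
        // the callback URL was refreshed, or the request was forged.
        // Reject this callback in every case and never log the user in.
        Log::warning('Facebook callback rejected: ' . $e->getMessage());

        return redirect()->route('home')
            ->with('error', 'Your login attempt expired. Please try again.');
    }

    if (! $token) {
        // No "code" in the request: the user declined, or opened the URL directly.
        return redirect()->route('home')
            ->with('error', 'Facebook login was cancelled.');
    }

    // App-specific login logic goes here; the session key is an assumption.
    session(['fb_user_access_token' => (string) $token]);

    // Redirect away so the one-time callback URL is not left in the address
    // bar, where a refresh would replay it and fail the state check again.
    return redirect()->route('home');
});
```

Returning a redirect from inside `validateCsrf()` would not navigate anywhere: the helper calls it only for its exception and discards the return value, so a mismatched `state` would pass as if it were valid.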