doubi9615 2012-06-16 02:21

PHP Facebook API authentication is working, but seeing "CSRF state token does not match one provided" in the log

I have hit a wall chasing down the cause of this bug.

My app is fully functioning, even though I see this error in my error log: "CSRF state token does not match one provided"

I have searched this site and seen the posts relating to using getLoginUrl and .htaccess.

I can't see a problem in my code using the loginURL or my .htaccess. I will post both here.

The behavior I see is that a user comes to my page (not logged in), I display the login URL, the user logs in via Facebook, and when they return with their state string I have 4 entries in my error log with this error.

```apache
Options -MultiViews
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteRule ^my$ my.php [L,QSA]
RewriteRule ^site-admin$ site-admin.php [L,QSA]
RewriteRule ^admin$ site-admin.php [L,QSA]
RewriteRule ^banned$ banned.php [L,QSA]
RewriteRule ^userlist$ userlist.php [L,QSA]
RewriteRule ^uploadfeatured$ uploadfeatured.php [L,QSA]
RewriteRule ^viewlatest$ viewlatest.php [L,QSA]
RewriteRule ^featured$ featured.php [L,QSA]
RewriteRule ^get$ get.php [L,QSA]

</IfModule>
<IfModule mod_security.c>
   # Turn off mod_security filtering.
   SecFilterEngine Off

   # The below probably isn't needed,
   # but better safe than sorry.
   SecFilterScanPOST Off
</IfModule>
```





```php
function getLoginURL()
{
    $facebook = new Facebook(array(
        'appId'      => APP_ID,
        'secret'     => SECRET,
        'fileUpload' => true
    ));
    $user = $facebook->getUser();
    // Open the DB connection up front: both logged-in paths below use it
    $con = getConn();

    if ($user && userHasPermissions())
    {
        // User has permissions and is logged in
        $me = $facebook->api('/me');

        // Escape every value that is placed into SQL; profile fields are user-controlled
        $fbId  = mysql_real_escape_string($user);
        $name  = mysql_real_escape_string($me['name']);
        $email = mysql_real_escape_string($me['email']);
        $token = mysql_real_escape_string($facebook->getAccessToken());

        $query  = "SELECT * FROM users WHERE fb_id='" . $fbId . "'";
        $result = mysql_query($query);
        while ($row = mysql_fetch_assoc($result))
        {
            $userid = $row['id'];
        }

        if (mysql_num_rows($result) == 0)
        {
            // Got a newbie, now we need to add him into our db
            $query2  = "INSERT INTO users (fb_id, name, email) VALUES ('" . $fbId . "','" . $name . "','" . $email . "')";
            $result2 = mysql_query($query2);
            $facebook->api("/me/feed", "post", array(
                'message' => "Welcome to XXX - XXX!",
                'picture' => "http://XXX.us/static/img/XX.png",
                'link'    => "http://XXX.us",
                'name'    => "XXX ",
                'caption' => "XXX welcomes you!"
            ));
            echo "<script language='javascript'> window.location='http://XXX.us';</script>";
        }
        else
        {
            // Existing user: refresh the stored profile fields and access token
            $query3  = "UPDATE users SET email='" . $email . "', access_token='" . $token . "', name='" . $name . "' WHERE id=" . (int) $userid;
            $result3 = mysql_query($query3);
        }

        return null;
    }
    else
    {
        $loginUrl = $facebook->getLoginUrl(
            array('scope' => 'publish_stream,user_photos,offline_access,email'));
    }

    if ($user)
    {
        // Logged in but missing permissions: $me and $userid are not set on this
        // path, so only the access token is refreshed, keyed on the Facebook id
        $access_token = mysql_real_escape_string($facebook->getAccessToken());
        $query3  = "UPDATE users SET access_token='" . $access_token . "' WHERE fb_id='" . mysql_real_escape_string($user) . "'";
        $result3 = mysql_query($query3);
    }

    return $loginUrl;
}
```
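
One mechanism that can produce a state-mismatch log entry on a login that still succeeds, shown as an added example (not part of the original post and not the Facebook SDK's code): a single-use `state` token is cleared by the first successful validation, so every further validation of the same callback request fails. The class `StateCheckSketch`, the function `roundTrip` and the sample values are hypothetical, and whether this is what happens in the question's app is an assumption.

```php
<?php
// Hypothetical sketch of a single-use OAuth "state" check; not the Facebook SDK.
final class StateCheckSketch
{
    public static $log = [];            // stands in for the PHP error log
    private $session;
    private $request;

    public function __construct(array &$session, array $request)
    {
        $this->session = &$session;     // share the caller's session array
        $this->request = $request;
    }

    // Issue the token once per login attempt and keep it server-side.
    public function issueState(): string
    {
        if (!isset($this->session['state'])) {
            $this->session['state'] = bin2hex(random_bytes(16));
        }
        return $this->session['state'];
    }

    // Validate the callback. The token is single-use: cleared on success.
    public function codeFromCallback()
    {
        if (!isset($this->request['code'])) {
            return false;
        }
        $expected = $this->session['state'] ?? null;
        $given    = (string) ($this->request['state'] ?? '');
        if ($expected !== null && hash_equals($expected, $given)) {
            unset($this->session['state']);
            return $this->request['code'];
        }
        self::$log[] = 'state token does not match';
        return false;
    }
}

// One login round trip in which the callback is validated $validations times.
function roundTrip(int $validations): array
{
    $session = [];
    StateCheckSketch::$log = [];
    $state    = (new StateCheckSketch($session, []))->issueState();
    $callback = ['code' => 'SAMPLE_CODE', 'state' => $state];   // constructed sample
    $accepted = 0;
    for ($i = 0; $i < $validations; $i++) {
        $ok = (new StateCheckSketch($session, $callback))->codeFromCallback();
        $accepted += ($ok !== false) ? 1 : 0;
    }
    return ['accepted' => $accepted, 'logged' => count(StateCheckSketch::$log)];
}

print_r(roundTrip(4));   // weak: several helpers each re-validate the callback
print_r(roundTrip(1));   // corrected: validate once per request, share the result
```

Validating the callback in one place per request and handing the result to the rest of the code keeps the mismatch message meaningful as a signal of a forged or replayed callback.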