Home » Php » php – facebook api appending #_=_ to my return uri

php – facebook api appending #_=_ to my return uri

Posted by: admin July 12, 2020 Leave a comment


I’m using the facebook php library to authenticate users to my app, it’s working fine but for some reason facebook is appending the characters #_=_ to the end of my return uri. I read that they did this if the redirect_uri parameter wasn’t set but I do have it set, in fact I’m redirected to that URL successfully after I log in on facebook.

Here’s how I get the login url:

$fbLoginUrl = $fb->getLoginUrl(array(
    'scope' => 'email,publish_stream,user_birthday,user_photos,friends_photos',
    'redirect_uri' => 'http://myapp.net/auth'

Everything works fine it’s just a cosmetic thing I guess. Can anyone help me?

Thanks in advance!

How to&Answers:

On Facebook developer blog, it was told that, if you explicitly set the redirect_uri param, you won’t get the #_=_ appended to the callback uri. But this is not the case. You still get those characters even on setting redirect_url field. But that won’t have any effect on your flow.

Check this: Session Redirect Behavior – setting redirect_uri explicitely


You can only get rid of this client-side.

You might think that you could solve this server-side by redirecting to a URL without the anchor:

  • facebook redirects to http://MyFacebookRedirectUrl...#_=_
  • Then we redirect to some new URL, without the anchor

….But the #_=_ reappears by magic in the browser address bar – how?

See James Pearce’s answer at http://developers.facebook.com/bugs/318390728250352 :

“Some browsers will append the hash fragment from a URL to the end of a new URL to which they have been redirected (if that new URL does not itself have a hash fragment).”

and also this:


Firefox, Chrome, and Opera [and now IE10] will re-attach a URL
Fragment after a HTTP/3xx redirection has taken place, even though
that fragment was not present in the URL specified by the Location
header on the redirection response

So if you’re just doing server side redirects from your Facebook redirect page, you’re going to have to remove this client-side.

The other alternative is to redirect server-side to a URL that contains a different named anchor – but that doesn’t really solve the problem and not all browsers will do the same thing.