authCodeHandler's state != get_CSRF_token(request) check keeps failing

[jhselvik]

This could be because I am new to integrating Oauth2, but I've followed the readme but can not make it past the line

elif state != get_CSRF_token(request): # validate against CSRF attacks

in the authCodeHandler view function. I've been trying with the Connect to Quickbooks button.

I can comment out this check, but then I am not validating against CSRF attacks, and this is probably insecure. Can anyone help me understand why my sandbox app cannot pass this validation?

Thanks