diff --git a/shopify.php b/shopify.php
index de04736..92a7d45 100644
--- a/shopify.php
+++ b/shopify.php
@@ -15,12 +15,19 @@ public function __construct($shop_domain, $token, $api_key, $secret) {
 }
 // Get the URL required to request authorization
- public function getAuthorizeUrl($scope, $redirect_url='') {
+ public function getAuthorizeUrl($scope, $redirect_url='', $state = null) {
+
+ if($state === null){
+ $state = sha1(time());
+ }
+
 $url = "https://{$this->shop_domain}/admin/oauth/authorize?client_id={$this->api_key}&scope=" . urlencode($scope);
+ $url .='&state=' urlencode($state);
 if ($redirect_url != '') {
 $url .= "&redirect_uri=" . urlencode($redirect_url);
 }
+
 return $url;
 }
@@ -79,7 +86,7 @@ public function validateSignature($query)
 $dataString = array();
 foreach ($query as $key => $value) {
- if(!in_array($key, array('shop', 'timestamp', 'code'))) continue;
+ if(!in_array($key, array('shop', 'timestamp', 'code', 'state'))) continue;
 $key = str_replace('=', '%3D', $key);
 $key = str_replace('&', '%26', $key);
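Review bot: The added line `$url .='&state=' urlencode($state);` in getAuthorizeUrl is missing the `.` concatenation operator, so shopify.php will not parse as committed; it should read `$url .= '&state=' . urlencode($state);`. The default `sha1(time())` is also a weak OAuth `state`, since it is only a hash of the current second and can be reproduced by anyone who knows roughly when the URL was built, which defeats its purpose as an anti-CSRF nonce; `$state = bin2hex(random_bytes(16));` (PHP 7+) would be unguessable. Because the generated value is only embedded in the URL and never returned or stored, the caller has nothing to compare against on the callback. Adding `state` to the signed keys in validateSignature (second hunk, whose body continues outside the diff) presumably confirms only that the query came from Shopify, not that this session started the flow. A docblock line such as `@param string|null $state Per-session nonce; store it and compare with hash_equals() on the callback` would make that contract explicit.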