diff --git a/lib/wechat/controller_api.rb b/lib/wechat/controller_api.rb
index ffc137c7..62ca88a3 100644
--- a/lib/wechat/controller_api.rb
+++ b/lib/wechat/controller_api.rb
@@ -34,7 +34,9 @@ def wechat_oauth2(scope = 'snsapi_base', page_url = nil, &block)
 def wechat_public_oauth2(oauth2_url)
 if cookies.signed_or_encrypted[:we_openid].blank? && params[:code].blank?
 redirect_to oauth2_url
- elsif cookies.signed_or_encrypted[:we_openid].blank? && params[:code].present? && params[:state] == wechat.jsapi_ticket.oauth2_state
+ elsif cookies.signed_or_encrypted[:we_openid].blank? &&
+ params[:code].present? &&
+ params[:state].to_s == wechat.jsapi_ticket.oauth2_state.to_s # params[:state] maybe nil and wechat.jsapi_ticket.oauth2_state may be nil
 access_info = wechat.web_access_token(params[:code])
 cookies.signed_or_encrypted[:we_openid] = { value: access_info['openid'], expires: self.class.oauth2_cookie_duration.from_now }
 yield access_info['openid'], access_info
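Review bot: The state check on the third added line still passes when both values are missing, because `.to_s` turns two nils into `"" == ""`, and the trailing comment says both `params[:state]` and `wechat.jsapi_ticket.oauth2_state` may be nil. In that case a callback carrying only `code` is exchanged for an access token and the `we_openid` cookie is set with no CSRF state binding at all. The branch should require a non-empty expected state before comparing, for example `expected = wechat.jsapi_ticket.oauth2_state.to_s` followed by `expected.present? && ActiveSupport::SecurityUtils.secure_compare(params[:state].to_s, expected)` in place of the `==` line. The comment would then read better as a note that a missing state on either side is rejected, rather than that nil is tolerated. The body of `wechat_public_oauth2` continues outside the hunk, so what happens on a state mismatch cannot be confirmed from here.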