Docs: Fix state check example if session variable is not set (#946)

Co-authored-by: Frank Stuckenberg <f.stuckenberg@gastronovi.com>

Author: Strelox

docs/usage.md

@@ -47,7 +47,7 @@ if (!isset($_GET['code'])) {
     exit;
 
 // Check given state against previously stored one to mitigate CSRF attack
-} elseif (empty($_GET['state']) || (isset($_SESSION['oauth2state']) && $_GET['state'] !== $_SESSION['oauth2state'])) {
+} elseif (empty($_GET['state']) || empty($_SESSION['oauth2state']) || $_GET['state'] !== $_SESSION['oauth2state']) {
 
     if (isset($_SESSION['oauth2state'])) {
         unset($_SESSION['oauth2state']);