diff --git a/src/OAuth2/Exception/InvalidState.php b/src/OAuth2/Exception/InvalidState.php
index ad7b11df1..d7a2447dd 100644
--- a/src/OAuth2/Exception/InvalidState.php
+++ b/src/OAuth2/Exception/InvalidState.php
@@ -8,7 +8,7 @@
 
 class InvalidState extends \SocialConnect\Provider\Exception\AuthFailed
 {
-    public function __construct($message = 'Invalid state')
+    public function __construct($message = 'State parameter inside Request is not similar to value from Session, possible CSRF attack')
     {
         parent::__construct($message);
     }
diff --git a/src/OAuth2/Exception/UnknownState.php b/src/OAuth2/Exception/UnknownState.php
index f698a2f70..bf2f9c3b1 100644
--- a/src/OAuth2/Exception/UnknownState.php
+++ b/src/OAuth2/Exception/UnknownState.php
@@ -8,7 +8,7 @@
 
 class UnknownState extends \SocialConnect\Provider\Exception\AuthFailed
 {
-    public function __construct($message = 'Unknown state')
+    public function __construct($message = 'There is no state parameter inside redirect from OAuth provider')
     {
         parent::__construct($message);
     }