
Invalid Session Id error message - inconsistencies
Hi,
We're testing our in-house appexchange version of our app within salesforce.com by configuring a web tab of type url as follows:
In my developer org, when I click my web tab, I get the following error:
INVALID_SESSION_ID:Invalid Session ID found in SessionHeader: Illegal Session
However, when my co-worker tested the same link in his developer org, it works!
Any reason why it would behave inconsistently? thanks!
KS
The session ID in the web tab may contain URL-encoded characters that need to be URL-decoded before being sent back to Salesforce.com via the API. Tell-tale signs of URL-encoded characters are + signs and hexadecimal digits that are preceded by a % sign, such as %6F. Some session IDs may have = signs in them, which the URL encoder at Salesforce.com should turn into %3D. This might be handled by the servlet library for you if you are getting the session ID query parameter through a query string parameter accessor object, but if you are extracting the session ID manually from the full URL or URI string, then you will need to URL-decode it.
Are you URL-decoding the session ID before sending it back to Salesforce.com? It's possible to debug your JSP, log that line, or write it out to System.out/err, depending on what makes sense for your runtime environment.
Strictly speaking from a wire-level perspective, the session ID will be XML-encoded when sent back to Salesforce.com due to SOAP so that characters like < will be encoded to &lt;, but that is typically handled by the SOAP library for you. The encoding schemes used by URL query strings and XML are different.
Hopefully, this helps.
I wonder if the two developer orgs are on different servers (na4.salesforce.com versus na5.salesforce.com, as an example). It should work either way, but that might be helpful to know if this needs to be turned into a support case.
Message Edited by Steven Lawrance on 08-01-2007 10:44 AM
hi Steven,
thanks for responding. I'm in the process of getting verification on whether we are url-decoding the session id or not.
To answer your 2nd question - I took a look at the orgs and the 2 developer orgs are in fact, different. I get the error on na5 while the one on na4 works fine. I signed up for another developer org just for testing purposes, it got created on na5 and I got the same error again.
thanks.
I am the developer representing the original post:
This is what we have added:
But this still gives an error. Any thoughts?
Note: As mentioned in the above post, we never have issues with a particular user's org. So what can we conclude? Where else can our bug be?
Thanks,
Milan Doshi
I created a simple PHP5 script on my server that writes out the server's timestamp information from a SOAP call. PHP5 automatically unescapes query string parameters. When I click on my custom web tab, I see "The server's time is 2007-08-03T04:54:04.299Z" with my code.
My webtab.php code exists in the following lines. My web tab link's URL, with my domain information removed to eliminate the chance that customer session IDs will appear in my server logs, is
https://www/webtab.php?url={!API.Partner_Server_URL_90}&sessionId={!API.Session_ID}
<?php
# Create the SOAP client
$client = new SoapClient("/etc/apache2/salesforce-partner9.wsdl", array("encoding"=>"UTF-8", "location"=>$_GET["url"]));
# Set the session ID
$sessionHeader = new SoapHeader("urn:enterprise.soap.sforce.com", "SessionHeader", (object)array("sessionId"=>$_GET["sessionId"]));
$client->__setSoapHeaders(array($sessionHeader));
# Get the server timestamp
try {
    echo "The server's time is " . $client->getServerTimestamp()->result->timestamp;
} catch (Exception $e) {
    print_r($e);
}
?>
Out of curiosity, which SOAP client library and version are you using?
If you have PHP5 on a server, can you give this script a try to see if it's the organization or the JSP page? You might need to adjust the path to the partner WSDL file in the code.
Thanks Steven for the reply. I too feel it has nothing to do with na5/na1, but then what else can it be?
We do not have PHP capabilities here. We are using JDK1.5 and Apache SOAP Axis 1.4.
This is how our URL looks :
http://servername/DBSalesForce.jsp?serverUrl={!API.Partner_Server_URL_90}&sessionId={!API.Session_ID}
Thanks,
Milan
I'm not sure if the message board software is doing something strange with your URL, but when I pasted mine in, it formatted correctly. Is your URL inside of an HTML tag in the web tab's definition, such as an anchor <a href=""> link? I had my URL formatted in Salesforce.com exactly as
https://www/webtab.php?url={!API.Partner_Server_URL_90}&sessionId={!API.Session_ID}
with no tags or links; it was exactly that with no < or > characters in it. I'm wondering if that might be the cause, just in case if the session ID being sent is exactly "{!API.Session_ID". Because the link has to be defined in each organization manually, that might possibly be the cause, but this is a wild guess.
Simon, you the man!
It seems that one of the developers had started using TCPMon to see the Salesforce XML Request / Response logs. It was pointing to na4!!! It's been resolved now. I am pasting the resolution here so that all absent-minded devs like us can benefit and avoid unnecessary debugging :)
Thanks once again to Steven and Simon,
Regards,
Milan
We found the same error when logged in with free developer edition API access from dotnet
INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session
Amit Lohogaonkar
Amit@varstreet.com
Are you accessing the correct server? You should log in using https://www.salesforce.com/services/Soap/u/10.0 as the endpoint and then switch the endpoint URL to the one returned in LoginResult.serverUrl. If you are using an endpoint other than the one returned in the LoginResult, then you will likely get that error message.
Is your code already doing the above and getting this error?
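The checks discussed across this thread, collected into one pre-flight function as an added example (not code from any poster): it decodes the web tab's query string once, flags an unsubstituted merge field or a still-encoded session ID, refuses to send the session ID to a non-Salesforce host, and catches a client endpoint that points at a different instance than the session came from. Python is used only for illustration; the function name, the client_endpoint parameter, the .salesforce.com suffix rule and the sample URL are assumptions made for this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: API hosts are subdomains of salesforce.com, like na4/na5 in the thread.
ALLOWED_SUFFIX = ".salesforce.com"


def check_webtab_request(request_url, client_endpoint=None):
    """Decode a web-tab callback URL once and list the problems found.

    client_endpoint (hypothetical parameter) is the URL the SOAP stub is
    actually configured to call, e.g. after a proxy or monitor was inserted.
    """
    problems = []
    # parse_qs URL-decodes each value exactly once, as a servlet's
    # parameter accessor would; a manual substring of the URL does not.
    params = parse_qs(urlsplit(request_url).query, keep_blank_values=True)
    server_url = params.get("serverUrl", [""])[0]
    session_id = params.get("sessionId", [""])[0]

    if "{!" in server_url or "{!" in session_id:
        problems.append("merge field not substituted")
    if re.search(r"%[0-9A-Fa-f]{2}", session_id):
        problems.append("session ID still URL-encoded")

    # The session ID is a bearer credential: only send it to an https
    # Salesforce host, never to whatever host the query string names.
    target = urlsplit(server_url)
    host = (target.hostname or "").lower()
    if target.scheme != "https" or not host.endswith(ALLOWED_SUFFIX):
        problems.append("server URL is not an https Salesforce host")

    if client_endpoint is not None:
        actual = (urlsplit(client_endpoint).hostname or "").lower()
        if actual != host:
            problems.append("client endpoint host differs from session's server")
    return server_url, session_id, problems


# Constructed sample request (not a real session ID).
SAMPLE = ("http://servername/DBSalesForce.jsp"
          "?serverUrl=https%3A%2F%2Fna5.salesforce.com%2Fservices%2FSoap%2Fu%2F9.0"
          "&sessionId=CONSTRUCTED%21abc%3D")

if __name__ == "__main__":
    print(check_webtab_request(SAMPLE))
    print(check_webtab_request(SAMPLE, "https://na4.salesforce.com/services/Soap/u/9.0"))
```

Passing the endpoint the SOAP client is really using as the second argument reproduces the situation resolved above, where the stub pointed at na4 while the session belonged to na5.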