function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Bhaswanthnaga vivek vutukuriBhaswanthnaga vivek vutukuri 

Invalid session ID and session key missing error while integrating with third party(PHP Web app)

HI, We'r integrating our APP with PHP web app using Rest and SOAP API services...

In build Org every thing is working good,  but in enterprise org it is showing error like 'Invalid sessionID and session key missing' when  we try to access the functionalities used SOAP services. we took WSDL for SOAP services class from build org, but connected APPs present in MY  Enterpise org .. is it a prblm ???

note: When we tried to connect with demo PHP webapp with Enterprise ediction is is working, not working when tried to connect with live webapp

Best Answer chosen by Bhaswanthnaga vivek vutukuri
Bhaswanthnaga vivek vutukuriBhaswanthnaga vivek vutukuri

Hi pramod,
We fixed the error :)

thank you for reply

Regards V B Naga Vivek

All Answers


This error message can be thrown in the following scenarios:

1) The affected integration is sharing credentials with a user or another integration. In this case, if the user or the other integration log out of while the first integration is running, the existing Session ID will be invalidated, and the integration will get the INVALID_SESSION_ID error message the next time it tries to send a message to the Salesforce API.

To solve this problem, avoid sharing credentials and make sure each integration application or user use their own username.

2) One integration is making concurrent calls and not handling the session ID status. Integrations that make concurrent API calls and issue logout calls run a higher risk of receiving INVALID_SESSION_ID errors. For example, if the integration performs the following operations, in this order:

An operation may attempt to issue a create call even though the other operation has logged out, resulting in an INVALID_SESSION_ID.

Concurrency is not explicitly supported in the Web Services API and the scenario described above is not recommended. However, in some cases, multiple API requests may issue concurrent calls under the same username (i.e. possibly using the same session).  For example, one user may be using the Outlook Edition plugin and a third-party integration at the same time.

Any API calls should handle the INVALID_SESSION_ID gracefully by implementing exception handling.  There are common patterns for handling this problem:

Bubbling the error up to the user, prompting for the username and password, and issuing another login call.
Implement a session Id pooling mechanism, whereby the integration is checking the pool of session Ids, rather than issuing login() or logout() calls on a regular basis.
Issue a "ping", such as getServerTimestamp(), to check if the session Id is valid.  If it is valid, proceed with the call.  If it is not valid, attempt to retry the login automatically.
In all cases, extreme caution should be used with regard to storing usernames, passwords, and session Ids.  Consult with a security professional if the level of security in the implementation is in question.

Bhaswanthnaga vivek vutukuriBhaswanthnaga vivek vutukuri

Hi pramod,
We fixed the error :)

thank you for reply

Regards V B Naga Vivek

This was selected as the best answer
Hi Bhaswanthnaga vivek vutukuri,

I need your help. My scenario is somewhat near to your's.
We are integrating salesforce with external website(PHP). The developer at the external end will push the data into salesforce.
and it will be in PHP Script which will push the data.

My question is that what do i need to do further. Do i need to write a webservice or write a REST service and provide url or any sought of code.or can i access the data directly when he pushes the data.

Can you help me in suggesting me best ways to proceed.

Any help will be appreciated...!