Alexey@Yoxel

VF Remoting runs APEX code in a wrong user context.

Has anyone encountered the issue where APEX code run by a VF Remoting call executes in a wrong user context?

One of our users is experiencing this in the Chrome browser where he (an admin) had multiple user logins (different SFDC users). A Visualforce page using remoting calls UserInfo for a wrong user that is not currently logged in but one that has logged in once before.

 

Thank you.

Ajay K Dubedi
Hi,

The reason this behaves differently is tied to the fact that you're Unauthenticated and logged in as "Guest" - The Remote Action is running as a separate session and for the purposes of the SOQL, it looks like another user.

Workarounds: 
1) Stop using Site.createExternalUser - refactor the implementation to use Site.createPersonAccountPortalUser instead. The Person account's email address will be populated and there will be no need to do separate DML.

2) Move just the RemoteAction implementation from the Controller to another class leaving the implementation as-is. Keep "with sharing" on the Controller, get an exception to allow "without sharing" on the RemoteAction class.

3) Dumb down the UX by converting that action from a Remote Action (ajax-style) to a Command button that submits the Action for the page. This will keep it in a single session.

I hope you find the above solution helpful. If it does, please mark as Best Answer to help others too.
Thanks,
Ajay Dubedi
Alexey Panteleev

Hi Ajay, thank you for your attempt to help. I think we're dealing with a VF Remoting bug here.

Our VF page (static JS code) is accessible under a tab in Salesforce, so a user is always authenticated when accessing it.
When the page accesses our RemoteAction, APEX ends up running as an admin user, not at all a guest. The remote action method in our controller is very simple:

@RemoteAction
global static ResponseObject myMethod() {
    // UserInfo.getUserId() is used here to show that APEX is running as a wrong user, admin in this case
}

The scenario is the following. An SFDC admin was logged in to his own SFDC account but then decided to configure something for a user and logged in as that user (using his username/password). Now he is accessing our tab (and VF page) as that user, but VF Remoting continues to run the RemoteAction code as the admin user. This must have to do with the multi-session capabilities of Salesforce when a browser remembers the admin login and the new user login. Somehow remoting picks up the wrong session.

The same problem occurs if the admin uses the 'Login As' capability.

Thoughts?
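
An added example, not code from this thread or from Salesforce: a client-side guard that detects the mismatch described above by comparing the user Id the page was rendered for with the Id the RemoteAction reports from UserInfo.getUserId(). The field name runningUserId and the function names are assumptions; the Ids in the test are constructed. Ids are normalized to 18 characters first, because 15-character Ids are case-sensitive and the two sides may not use the same form.

```javascript
// Hypothetical helper names; only the (result, event) callback shape is
// the standard Visualforce remoting callback signature.
const SUFFIX_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345";

// Convert a 15- or 18-character Salesforce Id to its 18-character form.
function toId18(id) {
  if (typeof id !== "string" || !/^[A-Za-z0-9]{15}([A-Za-z0-9]{3})?$/.test(id)) {
    throw new TypeError("not a 15- or 18-character Salesforce Id");
  }
  const base = id.slice(0, 15);
  let suffix = "";
  for (let chunk = 0; chunk < 3; chunk++) {
    let bits = 0;
    for (let i = 0; i < 5; i++) {
      const c = base[chunk * 5 + i];
      if (c >= "A" && c <= "Z") bits |= 1 << i; // bit i set when char i is uppercase
    }
    suffix += SUFFIX_ALPHABET[bits];
  }
  // A suffix that disagrees with the base means the Id's case was altered.
  if (id.length === 18 && id.slice(15).toUpperCase() !== suffix) {
    throw new TypeError("18-character Id has an inconsistent suffix");
  }
  return base + suffix;
}

// True only when both values are valid Ids naming the same record.
function sameUser(pageUserId, remoteUserId) {
  try {
    return toId18(pageUserId) === toId18(remoteUserId);
  } catch (e) {
    return false; // missing or malformed Id is treated as a mismatch
  }
}

// Wrap a remoting callback so results are used only when the Apex side
// ran as the same user the page was rendered for.
function guardRemotingResult(pageUserId, onOk, onMismatch) {
  return function (result, event) {
    if (!event || !event.status) return onMismatch("remoting call failed");
    if (!result || !sameUser(pageUserId, result.runningUserId)) {
      return onMismatch("remote action ran as a different user than the page");
    }
    return onOk(result);
  };
}
```

The mismatch handler is also a convenient place to log both Ids, which gives support the evidence needed to confirm which session the remoting call used.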