You need to sign in to do that
Don't have an account?
Fakeha Quazi
Is using $Api.Session_ID in visualforce page to be used in force.com site vulnerable?
I am using $API.Session_Id in script in a VF page. I will be using this page for guest users. This {!$Api.session_id} returns some value. Is it a wrong way to get session id as this page will be used for site Guest users? Is it vulnerable?
<apex:page controller="ABCcntr"><script> var token={!$Api.Session_ID}</script> </apex:page>
<apex:page controller="ABCcntr"><script> var token={!$Api.Session_ID}</script> </apex:page>
Do you see any INVALID_SESSION_ID error? As per below article, Before Winter 15, it was possible to get the session id for the guest user.
https://help.salesforce.com/s/articleView?id=000335516&type=1
You can use something like below. Please mark as Best Answer if above information was helpful.
Thanks,
I am getting some value in {!$Api.Session_ID} when page runs for Guest users.
My question is SF do not give access to session id, so why it works. Is it vulnerable?
Thanks,
Fakeha
Hope this helps...
Thanks,