turntwo463

Visualforce Page with Flex produces "Invalid Session ID found in SessionHeader" on login

I have created a Flex component that I've now deployed as both an S-Control and a Visualforce page. The Flex code attempts to use the session id and server url for logins. These values are passed in as Flash variables. When this code is invoked from the S-Control the login succeeds. However the login fails when invoked from the Visualforce page. (I can also login with username and password from the page).


The html body for the S-Control:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head></head>
<body scroll="no" >
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
id="FlexSalesforce" width="100%" height="100%"
codebase="https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab">
<param name="movie" value="{!Scontrol.JavaArchive}" />
<param name="quality" value="high" /><param name="play" value="true" />
<param name="bgcolor" value="#f3f3ec" />
<param name="allowScriptAccess" value="always" />
<param name="flashvars"
value="session_id={!API.Session_ID}&server_url={!API.Partner_Server_URL_140}" />
<embed src="{!Scontrol.JavaArchive}" play="true" bgcolor="#f3f3ec"
width="100%" height="700" name="FlexSalesforce" align="middle"
flashvars="session_id={!API.Session_ID}&server_url={!API.Partner_Server_URL_140}&externalURL=https://na6.salesforce.com/resource/123XXXX89000/salesforceRSL"
loop="false" allowScriptAccess="always" type="application/x-shockwave-flash"
pluginspage="http://www.adobe.com/go/getflashplayer">
</embed>
</object>
</body>
</html>



The syntax of my page is:

<apex:page sidebar="true" showheader="true">
<apex:flash src="{!$Resource.Example5}" height="500" width="100%"
         flashvars="session_id={!$Api.SESSION_ID}&server_url={!$Api.Partner_Server_URL_140}&externalURL={!$Resource.salesforceRSL}"/>
</apex:page>

 

Within my Flash component, the following code snippet gets called:

 

               var connection:Connection = new Connection();

                var sessionId:String = Application.application.parameters[SESSION_ID];
                var serverUrl:String = Application.application.parameters[SERVER_URL];
                if (sessionId != null && serverUrl != null)
                {
                    LOG.debug("Using session id for login");
                    lr.server_url = serverUrl;
                    lr.session_id = sessionId;
                    loginResponder = new AsyncResponder(loginCallback);
                    lr.callback = loginResponder;

                    //connection.protocol = "https";   //tried with and without setting these
                    //connection.serverUrl = serverUrl;

                    connection.login(lr);
                }

 

I've noticed that the session IDs are different for the page vs. the S-Control even though they are invoked from the same browser moments apart. I've also noticed that the URLs for the control use "https://na6.visual.force.com" vs. "https://c.na6.visual.force.com" for the page.


I'm seeing the following output in my logs for the page case:

 

Starting login
Using session id for login

loginWithSessionId(
 sid: 510600  [....]  _p4DIBpWrGf
 surl: https://c.na6.visual.force.com/services/Soap/u/14.0/510600D80000000ZTCY
);
App Domain = c.na6.visual.force.com
Api Server name = c.na6.visual.force.com
_internalServerUrl = https://c.na6.visual.force.com/services/Soap/u/14.0/510600D80000000ZTCY
loading the policy file: https://c.na6.visual.force.com/services/Soap/cross-domain.xml
Your application must be running on a https server in order to use https to communicate with salesforce.com!
invoke getUserInfo
intServerUrl is null
intServerUrl = https://c.na6.visual.force.com/services/Soap/u/14.0/510600D80000000ZTCY
_invoke getUserInfo
'0078EE29-37C1-427B-78E0-AE6DF3EE2F28' producer set destination to 'DefaultHTTPS'.
Method name is: getUserInfo
'direct_http_channel' channel endpoint set to http://c.na6.visual.force.com/resource/1235576467000/
'0078EE29-37C1-427B-78E0-AE6DF3EE2F28' producer sending message 'B769C4FE-87A6-A2E6-F4DA-AE6DF3FD5ABB'
'direct_http_channel' channel sending message:
(mx.messaging.messages::HTTPRequestMessage)#0
  body = "<se:Envelope xmlns:se="http://schemas.xmlsoap.org/soap/envelope/"><se:Header xmlns:sfns="urn:partner.soap.sforce.com"><sfns:SessionHeader><sessionId>510600D80000  [...]        dDV1hVMr_p4DIBpWrGf</sessionId></sfns:SessionHeader></se:Header><se:Body><getUserInfo xmlns="urn:partner.soap.sforce.com" xmlns:ns1="sobject.partner.soap.sforce.com"/></se:Body></se:Envelope>"
  clientId = (null)
  contentType = "text/xml; charset=UTF-8"
  destination = "DefaultHTTPS"
  headers = (Object)#1
  httpHeaders = (Object)#2
    Accept = "text/xml"
    SOAPAction = """"
    X-Salesforce-No-500-SC = "true"
  messageId = "B769C4FE-87A6-A2E6-F4DA-AE6DF3FD5ABB"
  method = "POST"
  recordHeaders = false
  timestamp = 0
  timeToLive = 0
  url = "https://c.na6.visual.force.com/services/Soap/u/14.0/510600D80000000ZTCY"
'0078EE29-37C1-427B-78E0-AE6DF3EE2F28' producer connected.
Method name is: getUserInfo
'0078EE29-37C1-427B-78E0-AE6DF3EE2F28' producer acknowledge of 'B769C4FE-87A6-A2E6-F4DA-AE6DF3FD5ABB'.
responseType: Fault
Saleforce Soap Fault: sf:INVALID_SESSION_ID
INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session
(com.salesforce.results::Fault)#0
  context = (null)
  detail = (Object)#1
    UnexpectedErrorFault = (Object)#2
      exceptionCode = "INVALID_SESSION_ID"
      exceptionMessage = "Invalid Session ID found in SessionHeader: Illegal Session"
      xsi:type = "sf:UnexpectedErrorFault"
  faultcode = "sf:INVALID_SESSION_ID"
  faultstring = "INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session"
Error: Ignoring policy file requested from https://c.na6.visual.force.com/crossdomain.xml because a cross-domain redirect to https://na6.salesforce.com/crossdomain.xml occurred.
Warning: Domain c.na6.visual.force.com does not explicitly specify a meta-policy, but Content-Type of policy file https://c.na6.visual.force.com/services/Soap/cross-domain.xml is 'text/x-cross-domain-policy'.  Applying meta-policy 'by-content-type'.
 

 

Thanks in advance for your help.

David
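
An added example, not part of the original post or of the Flex toolkit: the debug output above carries the session ID in the loginWithSessionId trace and again in the SOAP SessionHeader, and that value authenticates API calls for as long as the session lives. The code below masks it before a log is shared and pulls out the signals visible in this trace (fault code, http versus https endpoints, the crossdomain.xml redirect). The sample log is constructed, its session ID is a placeholder, and the function names are illustrative.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the shape of the Flex debug output quoted in the post;
# the session ID and org ID are made-up placeholders.
SAMPLE_LOG = """\
loginWithSessionId(
 sid: EXAMPLEORGID!EXAMPLETOKENVALUE0001
 surl: https://c.na6.visual.force.com/services/Soap/u/14.0/EXAMPLEORGID
);
'direct_http_channel' channel endpoint set to http://c.na6.visual.force.com/resource/0000000000000/
  body = "<se:Envelope><se:Header><sfns:SessionHeader><sessionId>EXAMPLEORGID!EXAMPLETOKENVALUE0001</sessionId></sfns:SessionHeader></se:Header></se:Envelope>"
  url = "https://c.na6.visual.force.com/services/Soap/u/14.0/EXAMPLEORGID"
  faultcode = "sf:INVALID_SESSION_ID"
Error: Ignoring policy file requested from https://c.na6.visual.force.com/crossdomain.xml because a cross-domain redirect to https://na6.salesforce.com/crossdomain.xml occurred.
"""

SID_PATTERNS = [
    re.compile(r"(<sessionId>)([^<]+)(</sessionId>)"),   # SOAP SessionHeader
    re.compile(r"(\bsid:\s*)(\S+)()"),                   # loginWithSessionId trace
    re.compile(r"(\bsession_id=)([^&\"'\s]+)()"),        # flashvars in page source
]

def mask_session_ids(text, keep=6):
    """Replace each session ID with its first `keep` characters plus a marker."""
    def repl(m):
        return m.group(1) + m.group(2)[:keep] + "[REDACTED]" + m.group(3)
    for pat in SID_PATTERNS:
        text = pat.sub(repl, text)
    return text

def triage(text):
    """Pull the fault code, endpoint schemes and policy-file redirect from a log."""
    fault = re.search(r'faultcode = "([^"]+)"', text)
    channel = re.search(r"channel endpoint set to (\S+)", text)
    soap = re.search(r'^\s*url = "([^"]+)"', text, re.M)
    redirect = re.search(r"policy file requested from (\S+) because a "
                         r"cross-domain redirect to (\S+) occurred", text)
    return {
        "fault": fault.group(1) if fault else None,
        "channel_scheme": urlsplit(channel.group(1)).scheme if channel else None,
        "soap_scheme": urlsplit(soap.group(1)).scheme if soap else None,
        "policy_redirect": tuple(urlsplit(u).hostname for u in redirect.groups())
                           if redirect else None,
    }

if __name__ == "__main__":
    print(mask_session_ids(SAMPLE_LOG))
    print(triage(SAMPLE_LOG))
```
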



All Answers

myztaken

same issue here....

 

Someone knows what's happening please?

wintamute

Any news on that?

Seems I got the same problem, I tried it with 2 different orgs, one with namespace (managed package), one 'normal'.

I load the same flex file with s-control and visualforce page, it only works from the s-control.

When looking at the session Id via the flex debug output, it's different when loading from the visualforce page, just like the OP describes.

 

 

<apex:page showHeader="false">
    <apex:flash id="flexSOs" src="{!$Resource.FlexStuff}" height="100%" width="100%" play="true"
        flashvars="session_id={!$Api.Session_ID}&server_url={!$Api.Partner_Server_URL_150}"/>
</apex:page>

 

 

 

eto

I can confirm this behaviour, however it seems to be related to the org.

 

In one customer org, I have no problems connecting Flex using the session ID; in another, it throws the above mentioned errors.

 

The main difference I can see is, that in the first org, the URL of the visual force component remains identical (e.g. https://emea.salesforce.com/), while in the org with the error message, the URL changes from  https://na6.salesforce.com/ to https://pb.na6.visual.force.com/.

 


I hope someone at SF reads this thread and can come up with a solution.

Srinivas_V2

Yes, the server URL definitely differs from https://na6.salesforce.com/ to https://pb.na6.visual.force.com/. But the real problem is with the session Id. The session Id you get in different versions of Visualforce pages is different.

So first create a new page then get the session ID from there and send it to flex.  

DrawloopSupport

Srinivas_V2,

 

Can you be a bit more descriptive? Having the same issue here. Not sure what you mean by "create a new page". Do you mean actually create one or create one using apex/visualforce? And how do you suggest sending that new session id to the flex?

 

Thanks!

wintamute

I still don't know what exactly triggers this bug, but I found a workaround, see here

 

Cheers

This was selected as the best answer
DrawloopSupport

Thanks wintamute, that worked.

 

Unfortunately I had to scrap my visualforce-flex work anyways. It seems there is no way to get access to report info from inside flex inside visualforce because of cross-site scripting restrictions as well as the way that Salesforce redirects requests. Oh well, guess I have to use an s-control.

paul-lmi

Has anyone figured out how to retrieve the partner URL from Apex similarly to the Session ID?

DrawloopSupport

paul-lmi,

 

If you need to reference the partner URL from within Apex, I think this work around might help. Create a hidden input in Visualforce. Create Javascript that executes when the page loads that defaults the hidden field value to the partner URL. Then when the form is submitted you can then reference the value from within Apex.

 

 

<script type="text/javascript" src="/jquery.js"></script>
<script type="text/javascript">
$(function() {
    $("#pUrl").val("{!$Api.Partner_Server_URL_150}");
});
</script>
<apex:form>
    <apex:inputHidden id="pUrl" value="{!partnerUrl}" />
</apex:form>
----------------------
private string partnerUrl { get; set; }

 


 

paul-lmi

I ended up just constructing it in Apex by grabbing the current hostname of the SF server via headers and concatenating on the path, plus the UserInfo.getOrganizationId() method to complete it. I needed this URL on page load as I'm calling a controller method in the action attribute of the page tag.

bbrady

Similar problem here. So I'll add our thanks as well for the workaround - my wall thanks you and so does my head.

 

For the record: I wasn't working across multiple orgs. When I displayed {!$Api.Session_ID} in the VF page, and displayed the 'parameter.sid' that flashvars is supposed to pass into Flex, the session_id values are different. And as you can see from the image (hopefully) below, the session id produced by wintamute's workaround is different from that produced by $Api.Session_ID

 

The VF page:

 

<apex:page standardController="Incident__c" extensions="incidentExt">

<apex:pageBlock title="Incident Mapper">
{!MySessionId}
<apex:flash src="{!$Resource.incidentMapper}" width="100%" height="50"
flashvars="sid={!MySessionId}&surl={!$Api.Partner_Server_URL_150}"/>
{!$Api.Session_ID}
</apex:pageBlock>

</apex:page>

 

 

 

 


 

sfdcfox

Just confirming that this bug still exists, as of the time of this post. I used the prescribed workaround until this is fixed.

DrawloopSupport

sfdcfox,

 

I have confirmed that the Session Id generated by {!$Api.Session_ID} in a Visualforce page is still different than the Session Id generated in Apex ( userInfo.getSessionId() ) which is also different than the Session Id generated by {!$Api.Session_ID} in an S-Control. The Flex error does not seem to occur, but I still cannot get my flex tool fully working with Visualforce and Apex.