function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
twongopenairtwongopenair 

INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session

Hi,

 

We have an integration that has been using version 10 of the API and it works fine. I'm interesting in migrating to a later version of the API but am getting the error message

 

INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session

 

when I try this. The integration uses a partner WSDL. Basically, a login is issued and it returns successful, we grab the serverURL and sessionID and use them to make subsequent calls. New sessions appear to be created but still getting the error message when trying to make any call after login; e.g. describeSObject.

 

I've changed the "Lock sessions to the IP address from which they originated", then logout but still getting the error message.That seemed to be on setting that was common to others who had this issue.

 

Again, v10 of the API, we have no issues like this. The only thing different is the endpoint - the basic SOAP to login is the sam and I get a valid response upon login. 

 

Does anyone have any thoughts?

 

Thanks in advance,

Tony

 

 

 

 

 

 

 

 

 

 

 

 

 

Best Answer chosen by Admin (Salesforce Developers) 
SuperfellSuperfell

Your SessionHeader and sessionId elements in the soap header are not in any namespace, they need to be in the xml namesapce defined by the WSDL. The newer API endpoints are stricter about this.

All Answers

SuperfellSuperfell

Can you post an example of the request that gets this error, are you perhaps sending a partner API request to the enterprise API endpoint ?
twongopenairtwongopenair

Thanks, Simon. I'm using the endpoint specified in serverURL after a successful login. Here is part of the response from a successful login using API v19:

 

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns="urn:partner.soap.sforce.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soapenv:Body>
        <loginResponse>
            <result>
                <metadataServerUrl>https://na2-api.salesforce.com/services/Soap/m/19.0/00D400000008fyh</metadataServerUrl>
                <passwordExpired>false</passwordExpired>
                <sandbox>false</sandbox>
                <serverUrl>https://na2-api.salesforce.com/services/Soap/u/19.0/00D400000008fyh</serverUrl>
                <sessionId>00D400000008fyh!AQ0AQNagxHJAqUkVbpGFF0ueoIdEKjwiMTntm4zYEy5QrIhpKpZsE.vCkMCEeIZTRxPNxohvX45eVB5qbtzodGBeZHh9y3kT</sessionId>
                <userId>00540000000zBGjAAM</userId>
                <userInfo>
                      [snip...]
                </userInfo>
            </result>
        </loginResponse>
    </soapenv:Body>
</soapenv:Envelope>

 

So re-using the highlighted serverURL as our endpoint and the session ID, this is a describeSObject request.

 

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/1999/XMLSchema" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
    <SOAP-ENV:Header>
        <SessionHeader>
            <sessionId xsi:type="xsd:string">00D400000008fyh!AQ0AQNagxHJAqUkVbpGFF0ueoIdEKjwiMTntm4zYEy5QrIhpKpZsE.vCkMCEeIZTRxPNxohvX45eVB5qbtzodGBeZHh9y3kT</sessionId>
        </SessionHeader>
        <CallOptions>
            <client xsi:type="xsd:string">OpenAir/1.0</client>
        </CallOptions>
    </SOAP-ENV:Header>
    <SOAP-ENV:Body>
        <sforce:describeSObject xmlns:sforce="urn:partner.soap.sforce.com">
            <sforce:sObjectType xsi:type="xsd:string">Opportunity</sforce:sObjectType>
        </sforce:describeSObject>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

 

but this yields a response like this:

 

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sf="urn:fault.partner.soap.sforce.com" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soapenv:Body>
        <soapenv:Fault>
            <faultcode>sf:INVALID_SESSION_ID</faultcode>
            <faultstring>INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session</faultstring>
            <detail>
                <sf:UnexpectedErrorFault xsi:type="sf:UnexpectedErrorFault">
                    <sf:exceptionCode>INVALID_SESSION_ID</sf:exceptionCode>
                    <sf:exceptionMessage>Invalid Session ID found in SessionHeader: Illegal Session</sf:exceptionMessage>
                </sf:UnexpectedErrorFault>
            </detail>
        </soapenv:Fault>
    </soapenv:Body>
</soapenv:Envelope>

which is odd since the session is a new session.

 

Fwiw, the v10 partner endpoint we're using looks like this: 

 

https://na2-api.salesforce.com/services/Soap/u/10.0/00D400000008fyh

 

if that helps at all.

 

Thanks for any help or insight,

Tony

 

 
SuperfellSuperfell

Your SessionHeader and sessionId elements in the soap header are not in any namespace, they need to be in the xml namesapce defined by the WSDL. The newer API endpoints are stricter about this.

This was selected as the best answer
twongopenairtwongopenair

Ah, that was it! Thanks Simon.

 

Tony