LMoncher

Self Service Sessions vs. Regular Sessions

Greetings Dev Community,
 
My company is just starting to move over to Salesforce.com and my task is to integrate our existing Client Support site with Salesforce.  To this end we're utilizing the API through C# and ASP.NET.  Another learning curve for me but I'm getting there [our Dev team uses it so it was thought best to go down a route where we have internal support].
 
Apparently there is a difference between a Self Service Session and a Regular User Session, as once I got my code working correctly to validate my self service user I'm getting an exception "INVALID_SESSION_ID: Self Service User Sessions are not valid for use with the API".
 
So what is the difference between a Self Service User Session and a regular session?  What can I do with a self service session?  Am I limited to only validating the login and setting passwords?
 
Thanks in advance!
LMoncher
Follow Up:  Long searching identifies that as of 2005 spring, I think, the only thing a Self Service Account can do is query the server timestamp.
 
So, in creating an independent user portal I'm of the mind that I'll need to maintain one instance as the Self Service Account (to validate login and check for session timeout) and a separate instance as an Admin/Service account to actually retrieve information on behalf of the Self-Service Account.
 
Is the point of the Self Service Sessions strictly login validation integration?
Superfell
For SelfServiceUsers yes.

You may want to investigate the new customer portal infrastructure and users, customer portal users do have regular API access.
LMoncher

Thanks Simon, least I know I'm not slamming into walls now from my own stupidity.  But no, that won't work for us either due to technical and integration issues.

mary.annjoy

Hi,

Even I'm trying to bind my external custom app with Salesforce. Did you handle verifying whether the user has logged in to Salesforce within your application, and if so, how did you maintain the session?

Also, how did you handle the logout within your application, since Salesforce handles the logout and there is no web service call to handle the logout?

Thanks.

 

LMoncher
What we're doing is making the call to Salesforce to validate the login.
The rest of the session we do as a master account, as the self-service session can't do anything.
mary.annjoy

Well,

I want to verify that the user is being redirected from the Salesforce site after logging in. This I do by using the sessionID which is in the querystring in the URL of our site which happens after logging into Salesforce and clicking on a link to redirect to our site. I want to ensure that nobody is able to access our site without first logging into Salesforce.

I would also like to know how to handle the log out since it is directly handled by Salesforce.

ineedhelp
Did you solve the problem?  That is exactly what I wish to do.
LMoncher
Actually, the issues of ensuring logout etc. from Salesforce is exactly why we flipped the scenario.  We're sending clients to US first and coding access to validate the login.  Then we're able to handle the session on our side with impunity.
 
So far this is looking good for our development.  We'll see how it scales when we go to load test it.
silkkeng
Hi,
This is exactly what I am trying to achieve now. Can you please share some experience about this?
E.g. how should the SessionID passed by the URL get validated by Remote?

Thanks..
DK
LMoncher
We're using the API to log in the self service user via SOAP, then we flag the user as "authenticated" in our code.
 
After that we use a master login that has full access to the system through the API and programmatically tie it to the user.  That's done following the API .NET 2.0 programming examples.  (i.e. session id is stored in the SOAP handler)
 
silkkeng
Hi, but in terms of security, if someone got your full URL, they could simply type the URL and would get authenticated as well.

I am thinking we could get the session ID by using GETSESSIONID in Salesforce and pass it to the remote; the remote will take this session ID and find out who this is and whether he is currently logged in to Salesforce. If he is, then allow him as authorised.

Any ideas?
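
The flipped arrangement described in the thread (validate the login once against Salesforce, then run the session locally) together with the URL-replay concern from the last post, shown as an added C# example that is not code from any poster: `validateLogin` is a hypothetical stand-in for the SOAP login check, and every class and method name here is an assumption. It assumes .NET 6 or later.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Added illustration; not code from the thread. validateLogin is a hypothetical
// stand-in for the upstream login check: it returns the user's id on success
// and null on failure.
public sealed class PortalSessionBroker
{
    private sealed record Entry(string UserId, DateTime LastSeenUtc);

    private readonly ConcurrentDictionary<string, Entry> _sessions = new();
    private readonly Func<string, string, string?> _validateLogin;
    private readonly TimeSpan _idleTimeout;
    private readonly Func<DateTime> _utcNow;

    public PortalSessionBroker(Func<string, string, string?> validateLogin,
                               TimeSpan idleTimeout, Func<DateTime>? utcNow = null)
    {
        _validateLogin = validateLogin;
        _idleTimeout = idleTimeout;
        _utcNow = utcNow ?? (() => DateTime.UtcNow);
    }

    // Validate credentials upstream once, then mint an unguessable local token.
    // The token belongs in an HttpOnly, Secure cookie, never in a URL.
    public string? Login(string username, string password)
    {
        string? userId = _validateLogin(username, password);
        if (userId is null) return null;
        string token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        _sessions[token] = new Entry(userId, _utcNow());
        return token;
    }

    // Resolve a token to the user it was issued for; idle sessions expire.
    public string? Resolve(string token)
    {
        if (!_sessions.TryGetValue(token, out Entry? e)) return null;
        if (_utcNow() - e.LastSeenUtc > _idleTimeout) { _sessions.TryRemove(token, out _); return null; }
        _sessions[token] = e with { LastSeenUtc = _utcNow() };
        return e.UserId;
    }

    // Logout is local, so it does not depend on the upstream site.
    public bool Logout(string token) => _sessions.TryRemove(token, out _);

    // Anything fetched with the master account must belong to the session's user.
    public bool MayAccess(string token, string recordOwnerId) =>
        Resolve(token) is string uid && string.Equals(uid, recordOwnerId, StringComparison.Ordinal);
}
```

Because the master login can read everything, the `MayAccess` check (or an equivalent filter on every query) is what keeps one portal user from seeing another's records.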