function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
dklebdkleb 

Winter '09 Changes (Breaks) Session Behaviour in VisualForce Pages

There are VisualForce pages in our application, whose controllers make web service calls to an external service. This service authenticates the caller by using the standard salesforce.com SSO (Single Sign-on) procedures, namely, the VF controller passes the API URL and the current session ID to the web service as parameters and the web service in turn calls back to the salesforce.com API to validate the session. It gets the API URL from the VF page, and the session Id using UserInfo.getSessionId().
 
This strategy is documented and implemented in sample salesforce.com code and has been working for us for the better part of the year. It continues to work from custom field formulas as well.
 
Along comes Winter '09 and it no longer works in VisualForce. The session ID we pass to the web service is now invalid. The error is: INVALID_SESSION_ID: Invalid Session ID found in SessionHeader. The only clue is that the URL hosting the page has changed (although the API url has not). No code has changed on our side.
 
SuperfellSuperfell
We're currently investigating this, please log a case with support.
dklebdkleb
The AppExchange support case # is: 02176336


Message Edited by dkleb on 10-16-2008 05:55 AM
jobojobo
hi there! just had some problems with this session id thingy myself. what did come out in your case?