You need to sign in to do that
Don't have an account?
dkleb
Winter '09 Changes (Breaks) Session Behaviour in VisualForce Pages
There are VisualForce pages in our application, whose controllers make web service calls to an external service. This service authenticates the caller by using the standard salesforce.com SSO (Single Sign-on) procedures, namely, the VF controller passes the API URL and the current session ID to the web service as parameters and the web service in turn calls back to the salesforce.com API to validate the session. It gets the API URL from the VF page, and the session Id using UserInfo.getSessionId().
This strategy is documented and implemented in sample salesforce.com code and has been working for us for the better part of the year. It continues to work from custom field formulas as well.
This strategy is documented and implemented in sample salesforce.com code and has been working for us for the better part of the year. It continues to work from custom field formulas as well.
Along comes Winter '09 and it no longer works in VisualForce. The session ID we pass to the web service is now invalid. The error is: INVALID_SESSION_ID: Invalid Session ID found in SessionHeader. The only clue is that the URL hosting the page has changed (although the API url has not). No code has changed on our side.
Message Edited by dkleb on 10-16-2008 05:55 AM