function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
jhartjhart 

bug: salesforce instances redirect to one another

Background:
Our application overrides the tab for an custom object with a Visualforce page.

The tab URL itself is set by salesforce & always goes to the "/servlet/servlet.Integration" page provided by salesforce.  A series of redirects takes place and the user is eventually redirect to our app's Visualforce domain (https://i.xyz.visual.force.com/apex/aaPendingAddrs).

Bug:
In the past week or so, something has broken in this redirect sequence.  Specifically, logging into to multiple salesforce instances no longer works.  Once you have visited a Visualforce page in one instance, you have to completely close your browser before you can use a Visualforce page on another instance.  Using the "logout" functionality does not work - you must completely close all browser windows.

It appears that salesforce is setting a session-length cookie in the global ".salesforce.com" domain that holds which instance should serve your Visualforce pages.  This behavior is new, and has severe consequences.  We've gotten a lot of customer calls, and we've seen problems crop up strangely multiple times.

 

I spent some time this morning documenting what I could find.  I doubt the bug is restricted solely to tabs-overriden-with-Visualforce-pages .. this probably happens whenever Visualforce pages are used.

 

 

The bug strikes in a variety of ways.  In my examples below, I first logged into an EE instance on NA4 and then logged into an EE "test edition" org on NA5.  If you watch the AVI's carefully, you will see the URL change unexpectedly from one instance back to the other.

 

 

 

1.  Login to instance 1 (na4), go to Visualforce page, then login to instance 2 (na5), then go to the Visualforce tab.  Salesforce will try to redirect to an incorrect (non-namespaced) URL in instance 1 (na4):

Here are AVIs of the bug in Firefox, IE, and Chrome.

Here's a snapshot of the error screen:

 

 

Here's a snapshot of Firebug (Firefox dev. plugin) tracing the redirect from na5 to na4:

 

 

 

 

2.  Similar to above, but try to be a good citizen and "logout" between logins:  Login to instance 1, go to Visualforce page, logout, login to instance 2, go to the visualforce tab.  Salesforce will launch into an infinite redirect loop that ends with an error being displayed to the user (exactly which error depends on the browser).


Here are AVIs of the bug in Firefox, IE, and Chrome.


Here's a snapshot of the "infinite loop" message in firefox:

 

 

 

 

 

3.  Depending on the sequence of clicks, you can also get a situation where no visible error occurs BUT when you click to a Visualforce page on one instance, you actually end up in the other instance.  This might be the worst way that the bug strikes, because you are silently in the wrong build!

Here's an AVI of that happening in Firefox.  I use two tabs (one in each instance) to show the sequence of clicks.  Note the first tab (na4) ends up at na5 when I click the "Emails" tab!

 
 Salesforce: I have opened case 02627980 to track this issue.
Message Edited by jhart on 05-04-2009 11:11 AM
Ron HessRon Hess

Hi John,

 I saw this recently and then cleared my cookies and it went away.  I assume it could come back and impact me as a developer.

 

I'd like to understand how this would / does impact your customers.  Customers presumably have only one login, on one instance, so I don't see how they would hit this.

 

I agree, this issue will hit you and me. 

 

To help raise this issue internally, could you describe the user story that hits your customers ?  Do they normally have multiple logins ? 

jhartjhart

Hi Ron,

 

We work with a number of Salesforce implementation partners / consultants.  This issue will strike them too, as they work on multiple builds at once.

 

I hope those two groups (ISVs and consulting partners) are a large enough constituency to raise the issue internally.

 

thanks,

john

 


Ron HessRon Hess

Yes, we are looking into this, for sure. 

I just wanted to include the "customer" user case in the bugreport.

 

Thanks for detailing this.

 

jhartjhart

Ron,

 

We've heard a couple customers contact us with different symptoms (one with the "page not found" per example 1, one with the "infinite loop" of example 2) ... but it's pretty difficult to get a clear account of what happened from (often non-technical) users.  We did ask a couple questions, but really only enough to point us in the right direction for sussing out the bug.  Nothing worth posting independently.

 

I wonder if there are situations where multiple logins aren't necessary?  For example, if you have one build that has two different managed packages installed ... will going to pages of the one make pages of the other not work?

Ron HessRon Hess

Quick update, we've isolated the change which causes this, and are working on a fix. 

Thanks for your patience.

JamWilJamWil

Hi Ron

 

I recently upgraded to IE8 from IE7 and noted an immediate loss of the ability to log into multiple Salesforce instances. I immediately tested Firefox, Safari and Chrome and found that they all perform the same way. I am now using all these browsers, however to avoid having to activate under each browser, it is tempting to whitelist relatively wide IP ranges. This is a security risk. I have a couple of questions:

  • is there a workaround?
  • do you have an ETA for the fix?

 

 

Thx

James

Doug ACFDoug ACF

Ron -

 

We have a customer experiencing this Redirect Loop issue in Firefox.  Can give us an update on the fix status?

natlienatlie

Hi Ron,

 

I am facing this redirect loop issue while calling the page through a custom url  on Chrome,firefox and IE also.


Please help.

 

thanks,

Natalie

GoForceGoGoForceGo

 

This is 2011 and I am still facing the issue. Perhaps it is the same issue or some other issue.  Case Number 06224614 - Customer cannot test the system.

 

Here is the description:

 

Salesforce seems to be infinite loop erratically due to redirects from na7.salesforce.com to na7.visual.

We have defined a detail page custom button which directs to a visualforce page

One user might have the issue while other user from a different IP address won't have the issue - perhaps IP address is remembered.
Different browsers on same computer would have the issue. Different computer from same IP address seem to have the issue.
Clearing cookies doesn't seem to work, since this doesn't seem to be related to cookies.


Sometimes the following thing works in clearing the issue:

Change the button URL to remove the parameter or make it point to some other page. Click the button again. Undo the change and reclick the button.

So the button URL is

/apex/xyz?sid={!CustomObject__c.Id}

Change it to /apex/xyz - this will lead to a crash when you click the button. Undo the change and it works.
Sometimes changing it to a test apex page with nothing in it works. Sometimes redirecting to yahoo might work....


 

  
  



  



jhartjhart

One thing that sometimes helps with these issues is explicitly adding the domains to the trusted domains list for 3rd party cookie acceptance.  Salesforce relies on bouncing back-and-forth to sync cookies, and if you aren't accepting 3rd party cookies, you will see myriad problems.

GoForceGoGoForceGo

I am accepting third party cookies. Would adding trusted party still help? As I mentioned, clearing all salesforce cookies and existing browser doesn't do anything. To make things worse, I see the issue on my Mac (on firefox) as well at the same time I see it on my PC (both in IE and firefox). So IP address must somehow be hooked in as well.

 

 

jhartjhart

No, if you're accepting 3rd party then adding as trusted shouldn't make any difference.  Sorry I couldn't be more helpful =)

GoForceGoGoForceGo

Turns out that the visualforce page parameter cannot be "sid". Salesforce uses this for session id...Would be nice if this was documented somewhere. Seems like SFDC has an internal knowledge base article on it .