Sign Up ›
  • dkleb
  • NEWBIE
  • 0 Points
  • Member since 2008
  • Chatter
    Feed
  • 0
    Best Answers
  • 0
    Likes Received
  • 0
    Likes Given
  • 1
    Questions
  • 4
    Replies
3 replies

Winter '09 Changes (Breaks) Session Behaviour in VisualForce Pages

There are VisualForce pages in our application, whose controllers make web service calls to an external service. This service authenticates the caller by using the standard salesforce.com SSO (Single Sign-on) procedures, namely, the VF controller passes the API URL and the current session ID to the web service as parameters and the web service in turn calls back to the salesforce.com API to validate the session. It gets the API URL from the VF page, and the session Id using UserInfo.getSessionId().
 
This strategy is documented and implemented in sample salesforce.com code and has been working for us for the better part of the year. It continues to work from custom field formulas as well.
 
Along comes Winter '09 and it no longer works in VisualForce. The session ID we pass to the web service is now invalid. The error is: INVALID_SESSION_ID: Invalid Session ID found in SessionHeader. The only clue is that the URL hosting the page has changed (although the API url has not). No code has changed on our side.
 
  • October 14, 2008
  • Like
  • 0
3 replies

Winter '09 Changes (Breaks) Session Behaviour in VisualForce Pages

There are VisualForce pages in our application, whose controllers make web service calls to an external service. This service authenticates the caller by using the standard salesforce.com SSO (Single Sign-on) procedures, namely, the VF controller passes the API URL and the current session ID to the web service as parameters and the web service in turn calls back to the salesforce.com API to validate the session. It gets the API URL from the VF page, and the session Id using UserInfo.getSessionId().
 
This strategy is documented and implemented in sample salesforce.com code and has been working for us for the better part of the year. It continues to work from custom field formulas as well.
 
Along comes Winter '09 and it no longer works in VisualForce. The session ID we pass to the web service is now invalid. The error is: INVALID_SESSION_ID: Invalid Session ID found in SessionHeader. The only clue is that the URL hosting the page has changed (although the API url has not). No code has changed on our side.
 
  • October 14, 2008
  • Like
  • 0
12 replies

INVALID_SESSION_ID after winter9 release

I faced INVALID_SESSION_ID  exception calling getUserInfo() of SalesforceAppExPartnerAPI.SforceService from my .net web service.


my code:
Code:

SalesforceAppExPartnerAPI.GetUserInfoResult userInfoResult = Binding.getUserInfo();


 Binding is property where _authHeader.EXTSessionID and _authHeader.EXTServerLocation are values passed to web service from salesforce portal.
_autHeader.ExtSessionID value retrieved via apex code : UserInfo.getSessionId() and _authHeader.ExtServerLocation is
https://na6-api.salesforce.com/services/Soap/u/12.0/511500D80000000Kb2v

Code:

    private SalesforceAppExPartnerAPI.SforceService Binding {
            get {
        
                    try {                        

                        // binding
                        SalesforceAppExPartnerAPI.SforceService binding = new SalesforceAppExPartnerAPI.SforceService();
                        // by setting these values, we are essentially logged in to the API as this user
                        binding.SessionHeaderValue = new SalesforceAppExPartnerAPI.SessionHeader();
                        binding.SessionHeaderValue.sessionId = _authHeader.EXTSessionID;
                        binding.Url = _authHeader.EXTServerLocation;
                                    

                        return binding;
                    } catch (System.Web.Services.Protocols.SoapException exsoap) {
                        if (exsoap.Code.ToString().Contains("API_DISABLED_FOR_ORG")) {
                            throw new EXTAPIAuthFail("This edition of salesforce.com does not provide API access."
                                + "API access is a standard feature of Enterprise "
                                + "and Unlimited Editions.<br>"
                                + "Certify your application to gain API access to "
                                + "Professional Edition as well.<br><br>", exsoap);
                        } else {
                            throw new EXTAPIAuthFail("SoapException: Unable to validate incoming web call.", exsoap);
                        }
                    } catch (System.UriFormatException uriEx) {
                        throw new EXTAPIAuthFail("The Server URL is invalid. " + uriEx.Message, uriEx);
                    } catch (Exception e) {
                        throw new EXTAPIAuthFail("Unable to connect to the API. " + e.Message, e);
                    }
                } else {
                    return _binding;
                }
            }
        }


 
Exception Stack trace:

Code:

{System.Web.Services.Protocols.SoapException: INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session
   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Mindflash.SalesforceAppExPartnerAPI.SforceService.getUserInfo()

 

It works fine before salesforce introduced winter9 release and version 14.0 API.