+ Start a Discussion
Richie DRichie D 

Session IDs in sites

Hello fellow 'sites-ers'
I have an problem where I want to store the users session Id so I can pull back session variables within my apex code. (Goal is to create own authentication process.) Problem is this:
I hit the first page UserInfo.getSessionId() returns a sessionId. If I store this in my custom object and go off to my next page; using UserInfo.getSessionId() I get a different session Id.
(All UserInffo.getsessionId() method calls are in constructors - not sure if that is important or not...)
Why is this? Any ideas? Any soultions?
Best Answer chosen by Admin (Salesforce Developers) 
Ron HessRon Hess
Visualforce pages keep state as you move from one to another, so just build a series of pages that work using visualforce to pass state, then when you include these pages in your site ( list of pages to allow) everything should work fine.

All Answers

There is no session id for anonymous use case. Sites provides seamless integration with customer Portal and PRM portal. You will get session id after authentication against one these type of portals.
Richie DRichie D
Thanks Bulent.

So if I don't have access to Customer Portal or PRM then is there anyway to store 'session data'?

If I can't store information in a session, is there any way to keep track of a users choices as they move through a site? Do I have access to cookies for example? Can I add HTTP headers?

Is there any piece of information I can access to check if the request is coming from the same session?

Any help appreciated!

Ron HessRon Hess
Visualforce pages keep state as you move from one to another, so just build a series of pages that work using visualforce to pass state, then when you include these pages in your site ( list of pages to allow) everything should work fine.
This was selected as the best answer

I don't quite understand the solution here. Does this only work if all the pages use the same controller?


My use case is bread crumbs on a public site. How would I keep a list of visited urls during a session? 


Message Edited by Scott.M on 03-17-2009 12:55 PM
Richie DRichie D

I didn't understand the solution either. I resorted to creating my own session custom object and having the controllers update and retrieve data from this. I passed my custom session Id around in the queryString which told me which session to load up. Create your own timeout functions and it should work like cookieless sessions in other technologies.


I'm not sure a shared controller would work unless the whole of the session in serialised and stored in the viewstate of the visualforce page and reloaded when the next page is reached. (Umm no, that wouldn't work either as any 'get' (standard hyperlinks) wouldn't get this data... It'd only be valid for page postbacks (in the .net world anyway) - ignore this)


Perhaps SF could provide more information???


Thanks Richie :)


That was actually my last resort, I guess I'll have to do something similar. Any chance of sharing your session manager? 


Richie DRichie D

sorry - no can do. Work was done for a paying client who now owns the IP. 


Good luck! 



Ron HessRon Hess
I'd like to understand the need for the session ID, do you use this with the ajax tookit ?

I'll try to describe my use case as clearly as possible there may be a better way to achieve what I'm attempting to do.


On my site I have various different kinds of content stored in custom objects displayed by various visualforce pages. I need to be able to keep track of which visualforce pages and which content the users have been too to dynamically generate the bread crumbs for the site. Ideally the bread crumbs would be a component that I coud include in any of the templates or compositions.


The work around I'm using now is to have a bread crumb custom object and use javascript to store the initial session_id in a cookie and then use an ajax call to load the bread crumbs based on the cookie.


I've just started the implementation so it's not completed yet but it will work. It's just a really bad hack. I would like to avoid having every url in the site be an action call. Here's the code so far:




//Bread Crumb Code
if(!$.cookies.get('guest_session')) {
$.cookies.set('guest_session', '{!$Api.Session_ID}', {expires: 1});


public PageReference AddBreadCrumb() {

this.session_id = System.currentPageReference().getParameters().get('session_id');
this.bread_crumbs = [SELECT Id, Location__c, Page_Name__c, Order__c FROM Bread_Crumb__c WHERE Session_Id__c =: this.session_id ORDER BY Order__c ASC];

Bread_Crumb__c current = new Bread_Crumb__c(Session_Id__c = this.session_id, Location__c = this.CurrentPageUrl, Page_Name__c = this.CurrentPageName, Order__c = this.bread_crumbs.size());
insert current;

return null;

<apex:form >
<apex:actionFunction name="AddBreadCrumb" action="{!AddBreadCrumb}" reRender="bread_crumbs" />
<apex:outputPanel id="bread_crumbs">
<div class="bread-crumbs">
<apex:repeat value="{!bread_crumbs}" var="bread_crumb" >
<a href="{!bread_crumb.Location__c}"><apex:outputText value="{!bread_crumb.Page_Name__c}" /></a> >


 This idea also has some details about why we might want to be able to access the session:


Message Edited by Scott.M on 03-18-2009 10:43 AM
Message Edited by Scott.M on 03-18-2009 10:43 AM
Ron HessRon Hess

I understand, thanks for spelling it out, this appears to be a hard problem.


your solution may to assume that the sessionID is different or usefull , i did a quick test using this page

<apex:page > {!$Api.Session_ID} </apex:page>


i then made it public on a site, and hit it from two different computers. 


I get the same session id for both.


this is because the Guest User is the user for every page delivered by the server, and all users of your site would have the same session id at the same time.  


i'll give it some thought, no ideas spring up yet.



I'm faced with the exact same problem with pages exposed via Sites.  I have several pages which accept a language parameter from an external site.  If the user goes to another page, the language code should carry over (i.e. it should be sticky).  In j2ee, this is a no-brainer as a Session variable.  But one difference between my use case and Scott's is I don't believe its possible for me to do anything in the browser as a workaround since the setting (<apex:page language="">) is server side.  


IMHO, Salesforce should create a Session concept as a standard System class.  If that's not acceptable, then at least let developers have access to retrieving and setting Cookies.


-Richard Vanhook 

This is on our roadmap. Until then you might want to create/read your own cookie (javascript) and add the code on every page and have your code add url parameters so that you can read the url parameters in your apex class and visualforce page. 
FYI to anyone encountering the same problem.  I've created a "StickParametersController" and made it available via the apex-lang project.  See http://code.google.com/p/apex-lang/source/browse/trunk/eclipse-project/src/classes/StickyParametersController.cls.