function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
vfDeveloper.ax341vfDeveloper.ax341 

INVALID_SESSION_ID after winter9 release

I faced INVALID_SESSION_ID  exception calling getUserInfo() of SalesforceAppExPartnerAPI.SforceService from my .net web service.


my code:
Code:

SalesforceAppExPartnerAPI.GetUserInfoResult userInfoResult = Binding.getUserInfo();


 Binding is property where _authHeader.EXTSessionID and _authHeader.EXTServerLocation are values passed to web service from salesforce portal.
_autHeader.ExtSessionID value retrieved via apex code : UserInfo.getSessionId() and _authHeader.ExtServerLocation is
https://na6-api.salesforce.com/services/Soap/u/12.0/511500D80000000Kb2v

Code:

    private SalesforceAppExPartnerAPI.SforceService Binding {
            get {
        
                    try {                        

                        // binding
                        SalesforceAppExPartnerAPI.SforceService binding = new SalesforceAppExPartnerAPI.SforceService();
                        // by setting these values, we are essentially logged in to the API as this user
                        binding.SessionHeaderValue = new SalesforceAppExPartnerAPI.SessionHeader();
                        binding.SessionHeaderValue.sessionId = _authHeader.EXTSessionID;
                        binding.Url = _authHeader.EXTServerLocation;
                                    

                        return binding;
                    } catch (System.Web.Services.Protocols.SoapException exsoap) {
                        if (exsoap.Code.ToString().Contains("API_DISABLED_FOR_ORG")) {
                            throw new EXTAPIAuthFail("This edition of salesforce.com does not provide API access."
                                + "API access is a standard feature of Enterprise "
                                + "and Unlimited Editions.<br>"
                                + "Certify your application to gain API access to "
                                + "Professional Edition as well.<br><br>", exsoap);
                        } else {
                            throw new EXTAPIAuthFail("SoapException: Unable to validate incoming web call.", exsoap);
                        }
                    } catch (System.UriFormatException uriEx) {
                        throw new EXTAPIAuthFail("The Server URL is invalid. " + uriEx.Message, uriEx);
                    } catch (Exception e) {
                        throw new EXTAPIAuthFail("Unable to connect to the API. " + e.Message, e);
                    }
                } else {
                    return _binding;
                }
            }
        }


 
Exception Stack trace:

Code:

{System.Web.Services.Protocols.SoapException: INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session
   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Mindflash.SalesforceAppExPartnerAPI.SforceService.getUserInfo()

 

It works fine before salesforce introduced winter9 release and version 14.0 API.
dklebdkleb

Glad to know it's not just me. However, in our case it seems only to affect VisualForce pages:

http://community.salesforce.com/sforce/board/message?board.id=Visualforce&thread.id=5907

 
JPSeaburyJPSeabury

We're having the same problem with invalid session ID.  In our case, we call a PHP application, passing it the session ID. 

I looked at the session ID in a debugger and it's HUGE:

sid=472500D5000000078hG%21AQgAQLiXsGYqcSlSNF6v1FA4Qzg0Zx8Qi1ZSEDbu3UTH_a9Gjv70oWIaK2KCoj1qdbWkeo_NCMh0gMYwimcebk7csreFLa7a

I think all those bytes after the 18th byte are what's causing me grief.  Tried to mod the app to only look at the first 18-bytes, but that hasn't worked.  Still hackin' away at a fix.
SuperfellSuperfell
Are you getting the sessionId from a visualforce page ? we're investingating this, please log a case with support.
JPSeaburyJPSeabury

No, in my case, I evoke a PHP application, passing it the ID of a custom object (RMA__c), the session ID, and the Partner Server URL info.  This is the code under the detail page button:

Code:
https://blahblahblah.com/xyz/rma_form.php—id={!RMA__c.Id}&sid={!API.Session_ID}&u={!$Api.Partner_Server_URL_120}


 So I can see the Session ID value that is being passed, and that's how I can see it is so long:

Code:
https://blahblahblah.com/xyz/rma_form.php—id=a0250000007hT9G&sid=472500D5000000078hG%21AQgAQLJ2uT1KIi4ZGlwL5nuxk2nCIHuZZeOK39J.6XQZeoosnnmgQd27kJbGvTqhB5nUqig1.0H28ETkfj.8ak6SKZxuhG4w&u=https%3A%2F%2Fna3.salesforce.com%2Fservices%2FSoap%2Fu%2F12.0%2F472500D50000000xxxx


 I've opened a case with Support. 
SuperfellSuperfell
Hmmm, i don't think the length of the sessionId has changed for a couple of releases now.
JPSeaburyJPSeabury

That's certainly plausible -- I honestly don't recall what this value looked like before Winter '09.  The sid value just looked unusually long compared to other ID values I see regularly.

I haven't been able to resolve this by truncating the value I send to the PHP app, so you're probably right.
SteveBowerSteveBower
Just fyi, session id *are* huge.  They are not 15/18 characters long.  -S
dklebdkleb

Yes we are. We get the session Id in the controller, using UserInfo.getSessionId(). And the problem (at least for us) seems to be specifically on the session Id we get from VisualForce. We also get the session Id in custom field formulas, and this session Id seems to be just fine.


 

 
 
dkadordkador
Since your issue sounds related to visualforce, can you please log a case with our support team?
dkadordkador
That was directed to dkleb, by the way.
dklebdkleb
A case was logged, # 02176336. It's now closed since this is accepted as a salesforce.com bug and is being corrected.
I don't know the bug number. Hopefully the fix will be in quickly.
 
I'm going to reproduce the information related to me verbally below, but if you have a better, more official statement of the workaround, please add it to this thread for the others affected.
 
The problem is a defect related to the API URL (it's basically the wrong URL coming from the $Api.Partner_Server_URL_xxx merge field). The API being returned is not correct for the newly renamed VisualForce servers. The problem only exists on managed packages (packages containing namespace prefixes).
 
The workaround is to rewrite the API URL in my controller, changing  
  <server>.salesforce.com
  to
  <namespace>.<server>.visual.force.com
For example:
    na4.salesforce.com becomes
    xyz.na4.visual.force.com
 
In an unmanaged package you use "c" as the namespace prefix.


Message Edited by dkleb on 10-17-2008 12:21 PM
myztakenmyztaken
Hi there, could you please share the snippet you use to retrieve and correct the Api URL please?