+ Start a Discussion
engrDaveengrDave 

Multiple API logins and session management

Hello all,

 

I have an application that involves a number of devices on a network that each log into my org to call a web service there. These devices are not aware of nor connected to each other. I would like for at least some of them to share a SF user login, but between the session expiration and the potential for one of them to make a legitimate logout() call, there are obvious session management issues.

 

Does anyone know a way (without them talking to each other) to have several of these devices use the same user to login without anything invalidating the session for all of them? (Or perhaps, a way for each device to "check" whether it is currently logged in or if session key is valid before making a WS call to the cloud app?)

 

Thanks in advance!

Dave

Best Answer chosen by Admin (Salesforce Developers) 
SuperfellSuperfell

Just try and make the call, if the sessionId is no longer valid, you'll get an INVALID_SESSION error back which you can use to decide to call login again and remake the original call.

All Answers

SuperfellSuperfell

If you don't call logout, and just let the session expire on a time basis, you shouldn't have any problems.

engrDaveengrDave

Thanks, Simon.

 

That sounds easy enough, but after device 1 logs in, when device 2 calls login() does it get a new session ID (and invalidate device 1's session)?

 

I could have each device call login() every time it is going to call the cloud, but there may be some timing issues if the login() calls replace the session with a new one, no? (i.e., device 1 calls login() between device 2's login() and web service calls.)

SuperfellSuperfell

No, the 2nd login call will not invalidate the first session.

engrDaveengrDave

Perfect!

 

I don't suppose there is a way to determine if a session ID is valid without using up an API call, is there? I would like to avoid using two API calls for every WS call, if possible, as these devices will be calling very frequently as it is.

SuperfellSuperfell

Just try and make the call, if the sessionId is no longer valid, you'll get an INVALID_SESSION error back which you can use to decide to call login again and remake the original call.

This was selected as the best answer