function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Mario VMario V 

INVALID_SESSION_ID

Hi everyone. We are trying to integrate Salesforce with our client's Intranet. The Intranet is developed in PHP. We are using PHP 4.3.11, PEAR SOAP 0.9.1 and a custom class very similar to the one in the PHP sample code from http://www.sforce.com/resources/toolkits-samples.jsp#PHP

We have created a custom link from Salesforce to the Intranet passing the session ID and server endpoint. The intranet uses this to get the user data, authenticate the user against its local database (or insert it if it is not present), and interact with Salesforce to retrieve and update data.

If we create the link in our Developer Edition account, pointing to either our development server or our client's production server, this works perfectly (the endpoint passed from Developer Edition is https://na1.salesforce.com/services/Soap/u/6.0 ).

f we create the link in the customer's live Salesforce environment, pointing to our development server, this works perfectly (the endpoint passed from Salesforce is https://emea.salesforce.com/services/Soap/c/6.0 ).

If we create the link in the customer's live Salesforce environment, pointing to our client's production server, any call to the SForce web service returns the message INVALID_SESSION_ID: Invalid Session ID found in SessionHeader

This is the SOAP request and response involved.

Request:

<?xml encoding="UTF-8" version="1.0"?>

<SOAP-ENV:Envelope  xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"  xmlns:xsd="http://www.w3.org/2001/XMLSchema"  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"  xmlns:ns4="urn:partner.soap.sforce.com" >

<SOAP-ENV:Header>
<ns4:SessionHeader SOAP-ENV:actor="http://schemas.xmlsoap.org/soap/actor/next" SOAP-ENV:mustUnderstand="0"><ns4:sessionId>*</ns4:sessionId></ns4:SessionHeader>
</SOAP-ENV:Header>

 <SOAP-ENV:Body>
<ns4:getUserInfo>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Response:

HTTP/1.0 500 Internal Server Error
Server: sfdc
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Wed, 04 Jan 2006 10:36:11 GMT

<?xml encoding="UTF-8" version="1.0"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Body>  
<soapenv:Fault>  
  <faultcode xmlns:ns1="urn:fault.enterprise.soap.sforce.com">ns1:INVALID_SESSION_ID</faultcode> 
  <faultstring>INVALID_SESSION_ID: Invalid Session ID found in SessionHeader</faultstring>
   <detail>
    <sf:fault xsi:type="sf:UnexpectedErrorFault" xmlns:sf="urn:fault.enterprise.soap.sforce.com">
     <sf:exceptionCode>INVALID_SESSION_ID</sf:exceptionCode>
     <sf:exceptionMessage>Invalid Session ID found in SessionHeader</sf:exceptionMessage>
    </sf:fault>
   </detail>
  </soapenv:Fault>
 </soapenv:Body>
</soapenv:Envelope>

I have deleted the session ID from the SOAP request for security purposes, but as far as I can tell it is being passed correctly - using it from the development server or my local machine does work. I have checked and the SOAP requests being sent from the development and the production server are identical.

Since it works in the development server, I do not think there is any serious problem with the code; and since it works in the production server when connecting to Developer Edition, there should not be any glaring server configuration errors either. We are completely out of ideas about this. Does anyone know what we may be doing wrong?

Message Edited by Mario V on 01-04-2006 04:18 AM

Message Edited by Mario V on 01-04-2006 04:21 AM

SuperfellSuperfell
Check in the security settings section to see if "lock sessions to originating IP" is turned on, that would cause the problem you're seeing.
Mario VMario V
Duh! Yeah, that fixed it. It seems so obvious now. :) The reason it worked in our dev server was that since we are behind a firewall, its external IP address is the same as my desktop machine. Thanks a lot!
DorothyDorothy
please I am having same problem "Error: INVALID_SESSION_ID: Invalid Session ID found in SessionHeader" when I run my code that has been running well for over a year now.
Can you let me know the exact directory name, file name, and line that you changed. I have not been able to find the security setting.
SuperfellSuperfell
The setting referenced is in the setup part of the saleforce.com application, not a PHP setting.
DorothyDorothy
We are running Professional Edition and this option is not on our security setting page so what else could be causing this error

I tried running the same program this morning and the error changed to "Error: curl_exec error 28 Operation timed out with 0 out of -1 bytes received"