+ Start a Discussion

[URGENT] Vfpage custom delete link - ConfirmationToken

Hi guys, I've created a link which enables the user to delete the specific stuff they want. In this case, it's Notes.


But when I click delete, I links me to a page which says:


The attempted delete was invalid for your session. Please confirm your delete.


What should I put in my codes to prevent this from happening?


<apex:page standardController="Handoff__c" showHeader="false" sidebar="false">
    <meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />   
        .activeTab {background-color: #236FBD; color:white; background-image:none}
        .inactiveTab {background-color: lightgrey; color:black; background-image:none}
        .br {mso-data-placement:same-cell;}
    <apex:tabPanel switchType="client" selectedTab="tabNotes" id="CustomObjectTabPanel" tabClass="activeTab" inactivetabClass="inactiveTab">          
        <apex:tab label="Notes" name="Notes" id="tabNotes">           
            <apex:form >
                <apex:pageBlock title="Notes">
                    <apex:pageBlockTable value="{!Handoff__c.Notes}" var="note">
                       <apex:column value="{!note.body}" />
                        <apex:column HeaderValue="Edit"><a href="/{!LEFT(note.id,15)}/e?&retURL=%2Fapex%2FViewNA%3Fid%3D{!Handoff__c.Id}">Edit</a></apex:column>
                        <apex:column HeaderValue="Del"><a href="/setup/own/deleteredirect.jsp?delID={!LEFT(note.id,15)}&_CONFIRMATIONTOKEN" onclick="return confirm('Are you sure you want to delete this note?')">Del</a></apex:column>
                    <apex:commandbutton value="Add Notes" action="/002/e?parent_id={!LEFT(Handoff__c.Id,15)}&retURL=%2Fapex%2FViewNA%3Fid%3D{!Handoff__c.Id}"/>


It is likely because of a combination of cross-domain authentication mixed with a bad case of weird HTML rendering caused by the method by which you are attempting to render this page.


Some suggestions:



  • Do not use the head tag in your code. Doing so overrides Visualforce's default mechanisms and prevents a normal header from being emitted. Instead, use the attributes available on the apex:page element.
  • Use an apex:commandLink, and use the standard New, Edit, and Delete methods of an ApexPages.StandardController instead.
  • You will need an extension to emit a correct Note.New page; it appears that the standard controller for notes is not easily accessible in Visualforce.
  • Never modify an ID value to avoid breaking future compatibility if Salesforce changes their ID scheme. The 18-character version that is emitted by Apex Code is well understood by the UI, as are the 15-character versions. You are not enhancing or fixing anything, but instead you risk breaking future upgrades.
  • Because you are hard-coding links, Salesforce can not correctly pass any additional parameters, such as additional ID values, session information as required, etc. Use an $Action global object whenever you are attempting a standard action, or the ApexPages.StandardController methods using an extension or custom controller.
Good Idea:
<apex:commandLink action="{!account.delete}" onclick="if(confirm('Are you sure?')) return true">Del</apex:commandLink>
Bad Idea:
<a href="/setup/own/deleteredirect.jsp?delID={!Account.Id}&_CONFIRMATIONTOKEN" onclick="return confirm('Are you sure?')">Del</a>
Note that the correct method is actually shorter than the incorrect method, and is future-proof against any changes that might occur in a future release. It also allows the system to generate the correct parameters such as retURL.



What I'm trying to do here is delete the notes displayed in my custom vf page, not the whole record.  I undersand that what I coded might not be the best practices, but other than that I'm not sure of how to produce the codes which I'm tasked to do.