CRM ADMIN 8

Return Null_Session_Id for Salesforce Public Site

Hi,
I created a Visualforce page for creating a case. It works, and the case is successfully created in Salesforce. I created a site for this Visualforce page; it shows Null_Session_ID and it does not create a case in Salesforce. Can anyone resolve this problem? Please find the Visualforce page code below.

Visualforce page
--------------------------
<apex:page showHeader="false" sidebar="false">
<apex:stylesheet value="{!URLFOR($Resource.Chat)}"/>
<!--<style>
    .myFormStyle {
        background-color: #E6E6FA;
    }
</style>
<apex:form styleClass="myFormStyle ">-->
<apex:includeScript value="/soap/ajax/34.0/connection.js"/>
<apex:includeScript value="/soap/ajax/24.0/apex.js"/>
<script src="/soap/ajax/20.0/connection.js" type="text/javascript"></script>
<script src="/soap/ajax/24.0/apex.js" type="text/javascript"></script>
<script>
    function createCase(){
        sforce.connection.login('XXXX@XXXX.com','XXXXXXXX'+'XXXXXXXXXXX');
        sforce.connection.sessionId = '{!$Api.Session_ID}';
        alert(' Session Id ' + '{!$Api.Session_ID}');
        var name = document.getElementById('name').value;
        var description = document.getElementById('query').value;
        var phone= document.getElementById('phone').value;
        var email= document.getElementById('email').value;
        var recType = sforce.connection.query("SELECT name,Id from RecordType where name = 'Live Agent RecordType'");
        var records = recType.getArray("records");
        if(name!='' && description!=''){
            var csObj= new sforce.SObject("Case" );
            csObj.Subject= name;
            csObj.Description= description;
            csObj.Offline_Chat_Phone_Number__c= phone;
            csObj.TripproAgentEmail__c= email;
            csObj.RecordTypeId = records[0].Id;
            result = sforce.connection.create([csObj]);
            document.getElementById('name').value='';
            document.getElementById('email').value='';
            document.getElementById('phone').value='';
            document.getElementById('query').value='';
            self.close();            
        }
        else{
            alert('You should give Query');
        }
    
    }
</script>
<script>
function getParameterByName(name) {
    name = name.replace(/[\[]/, "\\[").replace(/[\]]/, "\\]");
    var regex = new RegExp("[\\?&]" + name + "=([^&#]*)"),
        results = regex.exec(location.search);
    return results === null ? "" : decodeURIComponent(results[1].replace(/\+/g, " "));
}
</script>
<script>
window.onload =
function AutoPopulateValuestoTextbox(name,email,phone) {
        document.getElementById("name").value = getParameterByName('userName');
        document.getElementById("email").value = getParameterByName('emailId');
        document.getElementById("phone").value = getParameterByName('phoneNumber');
}
</script>

<form>
<div class="chatOfflineMain">
        <div class="chatOfflineBox">
            <div class="name">Name</div>
            <div class="nameBox"><input type="text" id="name"/></div>
            <div class="email">Email</div>
            <div class="emailBox"><input type="text" id="email"/></div>
            <div class="phone">Phone</div>
            <div class="phoneBox"><input type="text" id="phone"/></div>
            <div class="query">Query</div>
            <div class="queryBox"><textarea id="query"></textarea></div>
            <div class="button" type="button" data-dismiss="modal" onclick="createCase()" height="40px" width="100px">Submit</div>
        </div>
</div>
</form>
<!--</apex:form>-->
</apex:page>

From Site Source
--------------------------
function createCase(){
        sforce.connection.login('XXXX@XXXX.com','XXXXXXXX'+'XXXXXXXXXXX');
        sforce.connection.sessionId = 'NULL_SESSION_ID';
        alert(' Session Id ' + 'NULL_SESSION_ID');
CRM ADMIN 8
Hi Karanraj,

Thank you very much for your info.

The same code and page are working from the Salesforce Sandbox. I mean, from the Salesforce Sandbox the case is created from the Site.
Karanraj
As per the Salesforce Winter '15 release notes documentation - A potential security vulnerability related to guest user sessions has been fixed. Previously, some custom Force.com Community site pages generated guest user session IDs. These guest sessions could lead to anonymous API access via the guest user’s object, field, and record permissions. With this fix, custom Force.com Community site pages don’t generate or display guest user session IDs, and aren’t vulnerable to anonymous access. Custom Force.com Community site pages that use API version 32.0 are secure. Salesforce’s built-in pages are also secure.

In API versions 32.0 and later, the Apex UserInfo.getSessionId() static method returns the string NULL_SESSION_ID. The Visualforce $Api.Session_ID field returns a null value as the session ID for a site’s guest user. This is because guest user sessions are disabled, and the guest user context is no longer the default context. This change affects only API versions 32.0 and later.

http://releasenotes.docs.salesforce.com/en-us/winter15/release-notes/rn_forcecom_security_guest_sessions.htm
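An added example, not part of the original posts and not Salesforce code: a small Node.js audit that scans the rendered source of a public Site page for the pattern shown under "From Site Source" (a guest-context NULL_SESSION_ID, credentials passed to login() in client-side script, and AJAX Toolkit calls that depend on that session). The names auditPageSource, hasUsableSession and RULES are hypothetical, and the sample source is constructed with placeholder credentials.

```javascript
// CONSTRUCTED sample, modelled on the "From Site Source" snippet in the question.
// The login arguments are placeholders, not real credentials.
const SAMPLE_SITE_SOURCE = `
function createCase(){
    sforce.connection.login('user@example.invalid','PLACEHOLDER'+'PLACEHOLDER');
    sforce.connection.sessionId = 'NULL_SESSION_ID';
    var recType = sforce.connection.query("SELECT Id FROM RecordType");
    result = sforce.connection.create([csObj]);
}`;

// Hypothetical rule set covering what the thread describes.
const RULES = [
  { id: 'guest-null-session',
    re: /sessionId\s*=\s*['"]NULL_SESSION_ID['"]/,
    why: 'page rendered for the Site guest user; no API session is issued (API 32.0+)' },
  { id: 'client-side-login',
    re: /sforce\.connection\.login\s*\(\s*['"]/,
    why: 'literal credentials are delivered to every anonymous visitor' },
  { id: 'ajax-toolkit-call',
    re: /sforce\.connection\.(query|create|update|upsert)\s*\(/,
    why: 'API call that needs a valid session and will fail for a guest' },
];

// Returns one finding per (line, rule) match in the rendered page source.
function auditPageSource(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const rule of RULES) {
      if (rule.re.test(text)) {
        findings.push({ line: i + 1, rule: rule.id, why: rule.why });
      }
    }
  });
  return findings;
}

// Runtime guard: true only when the merge field produced a real session ID.
// Covers both outcomes the release note mentions (null value, NULL_SESSION_ID).
function hasUsableSession(sessionId) {
  return typeof sessionId === 'string' &&
         sessionId.length > 0 &&
         sessionId !== 'NULL_SESSION_ID';
}

for (const f of auditPageSource(SAMPLE_SITE_SOURCE)) {
  console.log(`line ${f.line}: ${f.rule} - ${f.why}`);
}
```
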
CRM ADMIN 8
Hi Karanraj,

Both the sandbox and production orgs are on Summer '15. Please tell me why the Salesforce Sandbox Site works and why the production site is not working?
Karanraj
What is the API version of the Visualforce page? Are both the same in the Production and Sandbox instances? The above restriction is only applicable for API versions 32.0 and later.
CRM ADMIN 8
In both Production and Sandbox, the Visualforce page API version is 34.0.