we are getting SOMETIMES following error messages when we call a custom SOAP WebService from external system:

INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session. Session not found, missing session hash: LWte3bok6NqsvPWBa6tv6A== This error usually occurs after a session expires or a user logs out.

Integration first retrieve the sessionID and then sends data into Salesforce. It seems that Salesforce is invalidating the session for some reasons, and this happens only SOMETIMES and is not predictable.

This error message can be thrown in the following scenarios:

1) The affected integration is sharing credentials with a user or another integration. In this case, if the user or the other integration log out of Salesforce.com while the first integration is running, the existing Session ID will be invalidated, and the integration will get the INVALID_SESSION_ID error message the next time it tries to send a message to the Salesforce API. To solve this problem, avoid sharing credentials and make sure each integration application or user use their own username.

2) One integration is making concurrent calls and not handling the session ID status. Integrations that make concurrent API calls and issue logout calls run a higher risk of receiving INVALID_SESSION_ID errors. For example, if the integration performs the following operations, in this order: 1. Login 2. Create 3. Logout An operation may attempt to issue a create call even though the other operation has logged out, resulting in an INVALID_SESSION_ID. Concurrency is not explicitly supported in the Web Services API and the scenario described above is not recommended. However, in some cases, multiple API requests may issue concurrent calls under the same username (i.e. possibly using the same session). For example, one user may be using the Outlook Edition plugin and a third-party integration at the same time.

We are EXCLUDING both of those. Does anyone have ideas why we are still getting the error??

PS: We also have tested the interface with SoapUI, and we never got the error.

Thanks

Marco

Hi,
We encouter this error recently (it was working 3 months ago) while trying to connect to salesforce SOAP service method; importProducts.

Do you have any idea why this happen?
Error:
System.ServiceModel.FaultException: INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session. Session not found, missing session hash: cWDoKsK9fIn01hr05uV2ZaCI+c6Q1iuM4xAtxMSCPxs=
This error usually occurs after a session expires or a user logs out.
 
Information:

<endpoint address="https://test.salesforce.com/services/Soap/c/28.0/0DFw00000000ePf" binding="basicHttpBinding" bindingConfiguration="SoapBinding"
        contract="Salesforce.Soap" name="Soap"/>
      <endpoint address="https://cs17.salesforce.com/services/Soap/class/SpiderProductImportWebservice" binding="basicHttpBinding"
        bindingConfiguration="SpiderProductImportWebserviceBinding" contract="SalesforceProductsList.SpiderProductImportWebservicePortType"
        name="SpiderProductImportWebservice"/>
      <endpoint address="https://cs17.salesforce.com/services/Soap/class/SpiderContractPriceImportWebservice" binding="basicHttpBinding"
        bindingConfiguration="SpiderProductImportWebserviceBinding" contract="SalesforceContractPricesList.SpiderContractPriceImportWebservicePortType"
        name="SpiderContractPriceImportWebservice"/>

Kind regards,
Faizan

Hello,

I am preparing to move a webservice call that has been in testing in my sandbox environment and works as expected there.  When I run the same call against my production environment I receive the following error:

Fatal error: Uncaught SoapFault exception: [sf:INVALID_SESSION_ID] INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session. Session not found, missing session hash: <**HASH REMOVED**> This is expected, it can happen if the session has expired and swept away, or if the user logs out, or if its just someone trying to hack in.

The code is fairly simple - I am creating a connection with the PHP toolkit using the appropriately generated partner wsdl.jsp and logging in.  I am able to log in  but when I make the call to the webservice I am given the error above.  Could this be an issue in the way the production org is set up or do I need to look elsewhere?

Code used to call the service is below.  The error is thrown on $client->IsThisLiveProduct($valuearray);

$USERNAME = "USERNAME";
$PASSWORD = "PASSWORD";
$TOKEN = "TOKEN";

require_once ('/soapclient/SforcePartnerClient.php');
require_once ('/soapclient/SforceHeaderOptions.php');

$mySforceConnection = new SforcePartnerClient();
$mySoapClient = $mySforceConnection->createConnection("../forcecom2/soapclient/wsdl.jsp.xml");
$mylogin = $mySforceConnection->login($USERNAME, $PASSWORD . $TOKEN);

$parsedURL = parse_url($mySforceConnection->getLocation());
define ("_WS_NAME_", 'WSNAME');
define ("_WS_WSDL_", _WS_NAME_ . '.xml');
define ("_WS_NAMESPACE_", 'http://soap.sforce.com/schemas/class/' . _WS_NAME_);

// SOAP Client for Web Service
$client = new SoapClient(_WS_WSDL_);
$sforce_header = new SoapHeader(_WS_NAMESPACE_, "SessionHeader", array("sessionId" => $mySforceConnection->getSessionId()));
$client->__setSoapHeaders(array($sforce_header));

// Call the web service
$valuearray = array('SerialNumber'=>'SERIALNO');
$response = $client->IsThisLiveProduct($valuearray);

Thanks!