Guest user session ID returned NULL in UserInfo.getSessionId()

Publish Date: Apr 13, 2023

Description

The error, "INVALID_SESSION_ID" indicates that you're trying to authenticate a guest user to a user in your site using OAuth. Previously, this was allowed but was an unintended loop hole and has since been fixed.

Resolution

Before Winter 15, it was possible to get the session id for the guest user by using these codes:

HttpRequest req = new HttpRequest();
req.setHeader('Authorization', 'OAuth ' + UserInfo.getSessionId());

Now, an error code saying "INVALID_SESSION_ID" is returned if you try to get the session ID of the guest user.

This change ensures that you can still create a guest user session, but doesn't allow a guest session ID to be set or created for organization security.

There are no recommended workarounds. Affected customers will need to adjust their integration to not rely on a guest user session ID.

Knowledge Article Number

000387009

Did this article solve your issue?

Let us know so we can improve!

Guest user session ID returned NULL in UserInfo.getSessionId()

General Information

Required Cookies

Functional Cookies

Advertising Cookies

General Information

Required Cookies

Functional Cookies

Advertising Cookies

Cookie List