Guest user session ID returned NULL in UserInfo.getSessionId()

Date de publication: Apr 13, 2023

Description

The error, "INVALID_SESSION_ID" indicates that you're trying to authenticate a guest user to a user in your site using OAuth. Previously, this was allowed but was an unintended loop hole and has since been fixed.

Résolution

Before Winter 15, it was possible to get the session id for the guest user by using these codes:

HttpRequest req = new HttpRequest();
req.setHeader('Authorization', 'OAuth ' + UserInfo.getSessionId());

Now, an error code saying "INVALID_SESSION_ID" is returned if you try to get the session ID of the guest user.

This change ensures that you can still create a guest user session, but doesn't allow a guest session ID to be set or created for organization security.

There are no recommended workarounds. Affected customers will need to adjust their integration to not rely on a guest user session ID.

Numéro d’article de la base de connaissances

000387009

Cet article a-t-il résolu votre problème ?

Dites-nous ce que nous pouvons améliorer !

Guest user session ID returned NULL in UserInfo.getSessionId()

General Information

Required Cookies

Functional Cookies

Advertising Cookies

General Information

Required Cookies

Functional Cookies

Advertising Cookies

Cookie List