I am using Salesforce SOAP API through the jar files. We have set the session timeout to 12 hours. I am using one username/password to login in for all the client instances running on different JVMs.
The "INVALID_SESSION_ID" problem happened all the time when there are two or more clients are running. When it fails I just restart the client and that will solve the problem. After a while, few minutes or hours, it will fail again. This is an internal app and no one is hacking it and it is not expired. What could I do troubleshoot the issue? This session shared by multiple logins seems very unstable.
These are the URLs:
AuthPoint:https://test.salesforce.com/services/Soap/c/35.0/0DFf0000000CbYO
ServiceEndPoint:https://cs16.salesforce.com/services/Soap/c/35.0/00Df0000003cDQb/0DFf0000000CbYO
503087.266: [GC (Allocation Failure) 503087.340: [SoftReference, 0 refs, 0.0019997 secs]503087.342: [WeakReference, 18 refs, 0.0005289
secs]503087.342: [FinalReference, 601 refs, 0.0030421 secs]503087.345:
[PhantomReference, 0 refs, 0 refs, 0.0073157 secs]503087.353: [JNI
Weak Reference, 0.0000337 secs][PSYoungGen: 796740K->1254K(917504K)]
1201079K->410538K(1966080K), 0.0890802 secs] [Times: user=0.17
sys=0.00, real=0.09 secs] [UnexpectedErrorFault [ApiFault
exceptionCode='INVALID_SESSION_ID' exceptionMessage='Invalid Session
ID found in SessionHeader: Illegal Session. Session not found, missing
session hash: FBVEDrptWO/J5/ozTzhwBw== This is expected, it can happen
if the session has expired and swept away, or if the user logs out, or
if its just someone trying to hack in. ' ]
Thank you!
Best Answer
As a generally rule it is probably better to just code the external clients to be able handle expired sessions.
They could expire for any number of reasons:
One way or another it will just be easier to handle the
INVALID_SESSION_ID
errror, make a new session, and then carry on.