Are all of these three separate values that are only linked for the same user ?
For security token I mean on value that you can take from Setup -> My Personal Information -> Reset security token.
As I know session id and access token are different values. Which relationship has security token ?
Best Answer
A session ID identifies a user using the UI or an API/integration tool. It has a set time to live and may be manually expired by explicitly logging out. It may also be tied to a specific IP address, if configured. Session ID values are valid across all APIs, including SOAP and REST endpoints.
Access Tokens are used by Connected Apps and other OAuth-enabled apps (such as Chatter Mobile). These tokens also have a similar life span, but can also be refreshed with a Refresh Token if granted permission. This allows services to have long-lived connections to the user account, even if they log out of other devices. Like session IDs, you can use access tokens anywhere a session ID is valid.
Security Tokens are the only type of token a user actually needs to "remember". A security token grants access to the user's account from outside of their normal domain. This token is only necessary if the user's current IP address is not whitelisted, and will not allow users to access salesforce.com outside of their IP restrictions or login times. The token is always provided as part of the password: passwordtoken. There is no intervening space or other symbol that separates the two.