function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

Access $Api.Session_ID from a static resource?

Hi all,

I'm trying to improve security in my VF+tabs community by stashing all my javascript/css in static resources.  It works great, except when I try to resolve the global merge field $Api.Session_ID (which I need to initialize sforce.connection). It only works if I put the reference in the main file, like so:

<script type="text/javascript"> function getSessionId () { return '{!$Api.Session_ID}'; } </script>

However, that exposes the session id in page source:

<script type="text/javascript"> function getSessionId () { return '00Di...!...'; } </script>

Is that a security problem?  If so, is there some way to fetch api session id from inside a static resource?


- Randy