+ Start a Discussion
Mitesh SuraMitesh Sura 

Multiple active sessions

We have API connection with external system. They cannot use same session and hence will be requesting new session (previous session will still be active) each time they connect with Salesforce.

Can someone please explain:
- What happens to previous sessions?
- Do they expire automatically after 120 minutes?
- At a given time, how many active session there can be?
- What are the implications of multiple open sessions at given point in time? 

regards
Mitesh
Best Answer chosen by Mitesh Sura
Daniel BallingerDaniel Ballinger
How your sessions respond will depend on how they are being created. For example, if you are using the SOAP API to call login() with the same credentials from a single device, you will likely get the same session Id back. Beware of calling logout() here, as you will end both (being the same session).

I've seen reports (http://salesforce.stackexchange.com/a/1464/102) that doing the same with OAuth from different devices yeilds distinct sessions.

Expiry time will be controlled by the configuration. Default is 120 minutes after last activity, but this can be changed.

The limiting factor in terms of usage will be the Concurrent API Request Limit (https://help.salesforce.com/HTViewHelpDoc?id=integrate_api_rate_limiting.htm). E.g. With a developer edition org you can only have 5 active long running requests. There are other limits that will also come into play, such as the SOQL querylocator. See Execution Governors and Limits (https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_gov_limits.htm).

I'd suggest you run a small trial to see how it behaves with your setup. You can monitor your active sessions with the User Session Information page. (https://help.salesforce.com/htviewhelpdoc?id=security_user_session_info.htm&siteLang=en_US)
 

All Answers

Daniel BallingerDaniel Ballinger
How your sessions respond will depend on how they are being created. For example, if you are using the SOAP API to call login() with the same credentials from a single device, you will likely get the same session Id back. Beware of calling logout() here, as you will end both (being the same session).

I've seen reports (http://salesforce.stackexchange.com/a/1464/102) that doing the same with OAuth from different devices yeilds distinct sessions.

Expiry time will be controlled by the configuration. Default is 120 minutes after last activity, but this can be changed.

The limiting factor in terms of usage will be the Concurrent API Request Limit (https://help.salesforce.com/HTViewHelpDoc?id=integrate_api_rate_limiting.htm). E.g. With a developer edition org you can only have 5 active long running requests. There are other limits that will also come into play, such as the SOQL querylocator. See Execution Governors and Limits (https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_gov_limits.htm).

I'd suggest you run a small trial to see how it behaves with your setup. You can monitor your active sessions with the User Session Information page. (https://help.salesforce.com/htviewhelpdoc?id=security_user_session_info.htm&siteLang=en_US)
 
This was selected as the best answer
Mitesh SuraMitesh Sura
Thanks Daniel, I am using SOAP API and it turns out Salesforce returns same session id even if I make multiple login() calls. Thank you for your time. 
Daniel DennisDaniel Dennis
Will this be the same situation for REST?
Mitesh SuraMitesh Sura
I beleive so. Underlying architerute is same so REST or SOAP the session would still be same. Please post a comment if you find otherwise. Thank you. 
Daniel DennisDaniel Dennis
Follow up question. 

Scenario:
  -one wordpress website
  -2 plugins that connect to SF
  -Each uses a different SF account to authenticate and get a session id
 
Is there any reason this would be an issue? 
Mitesh SuraMitesh Sura
Hi Daniel,

In this case each will have different session id because SF accounts are different. As long an plugins do not overlap and use their unique session, I think this should be fine. Just a thought, why not use same SF account for both plugins?