Login to Lightning enabled Salesforce instance using SessionId

If you have a session Id, you can log in to Salesforce directly using the URL hack below:

https://[instance].salesforce.com/secur/frontdoor.jsp?sid=[sessionId]

In the URL above, replace [instance] with the actual Salesforce instance name and [sessionId] with the user's actual session Id.

In the same way, we can log in directly to portals or communities using the URL hack below:

https://[instance].salesforce.com/secur/frontdoor.jsp?sid=[sessionid]&orgId=[orgId]&portalId=[portalOrCommunityId]

I wanted to see how to log in to Salesforce after Lightning design is enabled, and found that the URL hack below works, assuming we want to open an Opportunity record after a successful login. If you don't want to redirect to an existing Lightning page or record, you can simply omit the part of the URL after [SessionId].

https://[instance].salesforce.com/one/one.app?sid=[SessionId]#/sObject/006B0000002p2FrIAI/view

Note: Be very careful when using a SessionId. If it is publicly available, anyone can access your Salesforce org.
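
An added example (not part of the original post): because the session Id travels in the query string of these URLs, it ends up in anything that records URLs. The Python sketch below masks the `sid` value in URLs matching the `frontdoor.jsp` and `one.app` forms shown above before lines of text are stored or shared; the function names, hostnames and token values are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Paths taken from the URLs shown in this post.
SID_PATHS = ("/secur/frontdoor.jsp", "/one/one.app")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
MASK = "REDACTED"

def redact_url(url):
    """Return (clean_url, leaked); leaked is True if a sid value was masked."""
    parts = urlsplit(url)
    if parts.path.lower() not in SID_PATHS:
        return url, False
    leaked = False
    params = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() == "sid" and value:
            value, leaked = MASK, True
        params.append((key, value))
    if not leaked:
        return url, False
    # The fragment (#/sObject/...) and other parameters are preserved.
    return urlunsplit(parts._replace(query=urlencode(params))), True

def scrub_line(line):
    """Mask sid values in every matching URL in a line; return (line, count)."""
    count = 0
    def _sub(match):
        nonlocal count
        clean, leaked = redact_url(match.group(0))
        count += leaked
        return clean
    return URL_RE.sub(_sub, line), count

# Constructed sample lines: hostnames, ids and sid values are made up.
SAMPLE = [
    'opened "https://na1.salesforce.com/secur/frontdoor.jsp?sid=00DEXAMPLE!AQcAQ.constructed"',
    'opened "https://na1.salesforce.com/one/one.app?sid=00DEXAMPLE!AQcAQ.constructed#/sObject/006B0000002p2FrIAI/view"',
    'opened "https://na1.salesforce.com/secur/frontdoor.jsp?sid=00DEXAMPLE!tok&orgId=00DEXAMPLE&portalId=060EXAMPLE"',
    'opened "https://na1.salesforce.com/home/home.jsp"',
]

if __name__ == "__main__":
    for raw in SAMPLE:
        clean, hits = scrub_line(raw)
        print(("LEAK  " if hits else "ok    ") + clean)
```

A non-zero count from `scrub_line` is also a signal that the session should be treated as exposed, not just that the line needed cleaning.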


4 responses to “Login to Lightning enabled Salesforce instance using SessionId”

  1. Radnip

    Interesting hack! Even more of a reason to protect your org using IP restrictions and not to attempt to bypass the standard Salesforce security, as the session Id is exposed in your browser, so in theory any trojan could grab it.

  2. Angad

    Why do we have “Lock sessions to the domain in which they were first used” setting in salesforce?

  3. Ashish Motghare

    how to configure Frontdoor.jsp with community
