Login to Lightning enabled Salesforce instance using SessionId

If you have session Id, then you could login to Salesforce directly using below URL hack :


on above URL, you have to replace [instance] by actual salesforce instance name and [sessionId] by actual sessionId of user.

In same way, we can directly login to portals or communities using below URL hack


I tried to see, how can we login to Salesforce after Lightning design is enabled in Salesforce and found that below URL hack actually works, assuming we want to open Opportunity record after successful login. If you don’t want to redirect on any existing lightning page or record then you can simply ignore URL part after [SessionId]


Note : You have to be very careful while using SessionId, If its publicly available then anyone can have access to your Salesforce Org.


  1. Interesting hack! Even more of a reason to protect your org using IP restrictions and not to attempt to bypass the standard Salesforce security as the session Id is exposed in your browser so in theory any trogen could grab it.

  2. Why do we have “Lock sessions to the domain in which they were first used” setting in salesforce?

Leave a Reply to Jitendra Zaa Cancel reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.