Session ID is used in the FormulaShare Visualforce page as part of the cometd authentication:
requestHeaders: { Authorization: 'OAuth {!$Api.Session_ID}' },
This is used to allow the Visualforce page to respond to platform events. Unfortunately to do this in a way which is considered secure requires an authentication and connected app. Lightning Message Service might have been a good alternative, but unfortunately this doesn't work when the Visualforce page is embedded in Classic (which is the point of the page in the first place).
To avoid the complexity of a connected app and handling of authorisation we'll replace the use of cometd with a warning to notify the user that manual refresh of the page may be required.
Direct use of Session ID is not permitted by Salesforce security review - more info on justification for this: https://salesforce.stackexchange.com/questions/346926/sessionid-access-vulnerability-found-when-using-metadata-api
Session ID is used in the FormulaShare Visualforce page as part of the cometd authentication:
requestHeaders: { Authorization: 'OAuth {!$Api.Session_ID}' },
This is used to allow the Visualforce page to respond to platform events. Unfortunately to do this in a way which is considered secure requires an authentication and connected app. Lightning Message Service might have been a good alternative, but unfortunately this doesn't work when the Visualforce page is embedded in Classic (which is the point of the page in the first place).
To avoid the complexity of a connected app and handling of authorisation we'll replace the use of cometd with a warning to notify the user that manual refresh of the page may be required.