What is the impact of session setting ‘lock sessions to the domain first used’?
I am trying to activate the session setting ‘lock sessions to the domain first used.’ But I want to know what happens when a user uses App Exchange products like Oracle CPQ. I think the domain does not change in the browser. Also, the domain changes for VF pages compared to the initial login domain.
When users use different domains, they get access to another session Id linked to a Parent Session. There are four child sessions for every parent session. The parent was initiated by UI, which is the Parent session. So, if you end the session, that can also end all the child sessions. In Lock Sessions to the domain in which they were first used, each session can be used for the domain from which it was first used. If you do not have this setting, You can copy an API Session Id to use it in the browser and Visualforce trick, which can lead to getting an API-activated Session Id in Lightning or any third party using which you can send a session Id.
In the ordinary course of UI usage, CPQ can work if the user gets transferred from any known source. But it may fail sometimes. For example, an extension that logs you in with API helps reach CPQ directly.