Release notes for Optimizely CMS and Customized Commerce updates

Fixed an issue that did not update a token in the cache when the session ID expired and used an expired token to retry authentication.

Fixed an issue where the Salesforce connector failed to authenticate when the ampersand ( & ) and plus ( + ) special characters were included in username and password. 

Upgraded the following marketing automation connectors to support Optimizely Content Cloud version 12 (CMS 12). 

• Acoustic (Silverpop)
• Delivra
• Eloqua
• Marketo
• Microsoft Dynamics CRM
• Salesforce
• Salesforce Marketing Cloud (ExactTarget)

The following connectors will be released at a later date.

• Hubspot
• Pardot

In accordance with GDPR regulations, you can choose whether you want to accept cookies for Marketing Automation connectors. (Normally, the cookie is created when you submit a marketing automation form.)

Customers are responsible for presenting the cookie option dialog box to the user, obtaining the response, and then passing the response to Optimizely through the IPersonalizationEvaluator.AcceptCookies property. If the user chooses not to accept the cookies, some or all functionality of the connector will not work; the form will post successfully but personalization features will not.

When you used SOAP API option in the settings, form submissions failed to create leads after the session expired, and generated the following error:
System.Web.Services.Protocols.SoapException: INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal Session. Session not found, missing session hash

Form and form field mappings are lost if the database is upgraded from 3.x to 4.x via the updateDatabaseSchema attribute of the <episerver.framework> element in the web.config.

When sandbox option is chosen in the connector settings, it is incorrectly attempting to connect to the production endpoint, which throws the following error:
Error in Authentication of CredentialsINVALID_LOGIN: Invalid username, password, security token; or user locked out.

Salesforce stores the login result object in a request variable. The process of fetching the data in the initialization module and scheduled job occurs in a parallel loop.
If the request for Salesforce data happens in a thread different from the originating one, the HttpContext is null. This results in a null reference exception.

When a visitor submits a form mapped to Salesforce, a new contact is created in Salesforce. But when the same visitor re-submits the form (without clearing cookies), it creates a new contact instead of updating the existing one.

If credentials are saved and the site/database is deployed to a server whose machine key is different, the site throws cryptographic error and becomes unusable.