20

The Servlet I'm working has a variable session.

I've tried session.invalidate();, this seem to have destroyed session but when I do a redirect like so response.sendRedirect("restanes.jsp");, it gives me HTTP Status 500 error with this line:

java.lang.IllegalStateException: getAttribute: Session already invalidated

This is expected since I was trying to destroy the session.

But why is the page unable to redirect? On the same page elsewhere I've redirected successfully.

How can I destroy session and redirect successfully?

Code snippet:

if(request.getParameter("logout") != null ){  
        session.invalidate();
        response.sendRedirect("restanes.jsp");
}

Update: All I needed to do was return; after response.sendRedirect("restanes.jsp");. Sincere thanks to BalusC.

Sushan Ghimire
  • 7,307
  • 16
  • 38
  • 65
  • The 500 error is most likely produced by the page after the redirect (restanes.jsp). Can you get more information from the logs? – Thilo Dec 20 '12 at 01:02
  • 1
    The presence/lack of a session should not impact redirection. – Dave Newton Dec 20 '12 at 01:09
  • @Thilo if I remove session.invalidate(); the redirect bit works fine. When I put back that line, the error also points to a session variable that I had set earlier. – Sushan Ghimire Dec 20 '12 at 01:21
  • Are you sure the page you are redirecting to doesn't require information from the session you invalidated? – Perception Dec 20 '12 at 01:26
  • @Perception Well.. it doesn't. That's because it has validation. If there is no session it shows different behaviour. Just now I tried redirecting to a page that does not have session at all and still same problem. – Sushan Ghimire Dec 20 '12 at 01:31
  • What if it has a new session that hasn't been initialized (and is missing something the old session had)? – jahroy Dec 20 '12 at 01:35
  • 1
    @MrGhimire - but there ***is*** a session. Its just that it is invalid. – Perception Dec 20 '12 at 01:46

2 Answers2

45

You need to return from the method after sending the redirect.

if (request.getParameter("logout") != null) {  
    session.invalidate();
    response.sendRedirect("restanes.jsp");
    return; // <--- Here.
}

Otherwise the code will continue to run and hit some session.getAttribute() method further down in the block causing exactly this exception. At least, that's the most likely cause of the problem described so far and based on the fact that this is a pretty common starter's mistake. See also e.g. this answer.

Community
  • 1
  • 1
BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
  • Quite possibly this is really what's going on - makes more sense in any case. If OP confirms then I will upvote and delete my answer. – Perception Dec 20 '12 at 14:23
  • @BalusC I'm PHP guy and was expecting redirect to work perfectly (without having to return). I've tested with return; and works. Humble thanks. – Sushan Ghimire Dec 20 '12 at 23:29
  • 2
    You're welcome. Note that the same applies to PHP. You need to put an `exit;` after `header('Location: foo.php');` inside an `if` block to prevent the remnant of code to run (although this may not necessarily harm in PHP; the webbrowser would ignore the unnecessarily retrieved HTML anyway). – BalusC Dec 20 '12 at 23:37
0

Your code is okay

if(request.getParameter("logout") != null )
{  
  session.invalidate();
  response.sendRedirect("restanes.jsp");
}

but make sure the redirecting page does not contain any session attributes. 500 internal error coming from "restanes.jsp" page. work out with the redirected page and session activity.

seaotternerd
  • 6,298
  • 2
  • 47
  • 58
Pushpendra
  • 9
  • 1
  • 1
    As the OP and BalusC have pointed out; his (not sure of gender based on name) code is not OK. It needs the fix given in BalusC's answer. – Agi Hammerthief Jan 23 '18 at 06:21