0

I am calling java servlet for logout from my page setting all the values to null and reset the http session as follows:

public class logout extends HttpServlet
{
    public void service(HttpServletRequest rq,HttpServletResponse rs)throws IOException,ServletException
    {
        try{
            HttpSession ss=rq.getSession(false);
            if(ss.getAttribute("uid")==null || ss.getAttribute("usr")==null || ss.getAttribute("acc")==null)
            {
                rs.sendRedirect("/");
            }

            rs.setHeader("Cache-Control","no-cache, no-store, must-revalidate"); 
            rs.addHeader("Cache-Control", "post-check=0, pre-check=0");
            rs.setHeader("Pragma","no-cache"); 
            rs.setDateHeader ("Expires", 0);    
            HttpSession session = rq.getSession(false);
            session.setAttribute("uid",null);
            session.setAttribute("usr",null);
            session.setAttribute("acc",null);
            session.invalidate();
            rs.sendRedirect("/");
        }
        catch(Exception exp)
        {
            //Catch
        }


    }
}

If I click the logout button then it get logout fine. Suppose if I am not logout for some time suppose 30 minutes then press logout button I am getting a blank page instead of redirecting to home page. In stacktrace i got the erroe as following:

java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed
    org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:494)
    logout.service(logout.java:32)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

I know that it is going to catch because session will expire automatically. How can I handle this? I need to redirect to home page even if it the session expires automatically. What should I do?

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
Santhucool
  • 1,656
  • 2
  • 36
  • 92

2 Answers2

-1

If the container's session is expired, then this line

HttpSession ss=rq.getSession(false);

will return null.

You are not checking for not null before using ss variable, which might be throwing exception at runtime.

And also, you need not have one more variable for holding session, You can reuse ss.

     if(ss != null){
            if(ss.getAttribute("uid")==null || ss.getAttribute("usr")==null || ss.getAttribute("acc")==null)
                        {
                           // rs.sendRedirect("/");
                        }else{        
                        rs.setHeader("Cache-Control","no-cache, no-store, must-revalidate"); 
                        rs.addHeader("Cache-Control", "post-check=0, pre-check=0");
                        rs.setHeader("Pragma","no-cache"); 
                        rs.setDateHeader ("Expires", 0);    

                        ss.setAttribute("uid",null);
                        ss.setAttribute("usr",null);
                        ss.setAttribute("acc",null);
                        ss.invalidate();
                      //  rs.sendRedirect("/");
    }
        }
rs.sendRedirect("/");
faheem farhan
  • 401
  • 2
  • 9
-1

Added some changes in my catch(){} block as following, now works fine.

catch(Exception exp)
        {
            RequestDispatcher dd = rq.getRequestDispatcher("/");
            dd.forward(rq, rs);
        }
Santhucool
  • 1,656
  • 2
  • 36
  • 92