question about invalidate()

Hi,

A user can, on my website, log out.

1) He clicks on a link
    <li><a href="index.html?do=logout">déconnexion</a></li>
    The page will be forwarded to the servlet index.html

2) In the servlet, I invalidate the session, then forward to index.jsp

            else if(action.equals("logout")) {
                  HttpSession session = request.getSession();
                  session.invalidate();
                  getServletContext().getRequestDispatcher(urlIndex).forward(request,response);
                  return;
            }

3) In index.jsp, I have this code :
    <%
      metier.IUtilisateur util = (metier.IUtilisateur) session.getAttribute("utilisateur");
    %>
    <% if(util == null) { %>
          <link rel="stylesheet" type="text/css" href="css/menu2NonAuthentifie.css"/>
    <% } else { %>
          <link rel="stylesheet" type="text/css" href="css/menu2Authentifie.css"/>
    <% } %>

    And util gives me null, without an exception. (I know the code is not nice)


But why when I try this in a JSP (for testing) :

            session.invalidate();
            
            metier.IUtilisateur util = (metier.IUtilisateur) session.getAttribute("utilisateur");
            if(util == null) {
                        [...]

I have an error :

java.lang.IllegalStateException: "getAttribute": Session déjà invalidée
      org.apache.catalina.session.StandardSession.getAttribute(StandardSession.java:1011)
      org.apache.catalina.session.StandardSessionFacade.getAttribute(StandardSessionFacade.java:109)
      org.apache.jsp.chat2_jsp._jspService(chat2_jsp.java:61)
      org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
      org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:332)
      org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
      org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
      controleur.Controleur.connecterChat(Controleur.java:268)
      controleur.Controleur.doGet(Controleur.java:78)
      controleur.Controleur.doPost(Controleur.java:375)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:802)



LVL 9
matthew016Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

suprapto45Commented:
You definitely get error as you have already invalidated the session.

Try the procedure as below.

          session.invalidate();
         
         
          if(session.getAttribute("utilisateur") == null) {
                // do whatever you want if it is null
          }
          else {
                // do whatever you want if it is NOT null
                metier.IUtilisateur util = (metier.IUtilisateur) ;
          }
0
matthew016Author Commented:
Ok, but why with the points 1), 2) and 3) I have no errors,
I do exactly the same thing
0
suprapto45Commented:
Okay,

One question. For point #3, is "<link rel="stylesheet" type="text/css" href="css/menu2NonAuthentifie.css"/>" executed?
0
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

matthew016Author Commented:
Yes, that all works fine ...
0
suprapto45Commented:
Mm...., this is weird

I just realized that it is not NullPointerException but IllegalStateException. Give me a sec
0
suprapto45Commented:
In point #3,

Do you catch any exception or any error message in the console?
0
matthew016Author Commented:
Nothing.
That's why I post this question, because I don't understand why with 1)2)3) it works
and not when I put the instructions close to each other.
0
suprapto45Commented:
I do not really know what happens.

If in my local machine, it definitely throws me the NullPointerException. The reason you get the IllegalStateException is because you use
http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpSession.html

However, for the working case in the #3, I don't really know why. It should not work. Sorry, can't help further.

David
0
matthew016Author Commented:
So do u test each time, before accessing a session, if it is valid ?
0
suprapto45Commented:
Yes,

You have to do that instead of directly accessing it. when the session is valid, it is working fine but if the session is not valid, you will get NullPointerException as you are trying to cast NULL values to certain classes as

metier.IUtilisateur util = (metier.IUtilisateur) session.getAttribute("utilisateur");

if it is null, it is somehing like

metier.IUtilisateur util = (metier.IUtilisateur) null;

David
0
suprapto45Commented:
My suggestion is to keep this thread open for few more days as today is weekend and not all experts are available here.

Hopefully by Monday some other experts may pop in and give you the right answer.
0
jaggernatCommented:
i agree with supraptos' first post. since you invalidate the session, you get this error
>>java.lang.IllegalStateException: "getAttribute": Session déjà invalidée

Now, why you dont get error with 1,2,3.
From page1 you hit logout, and it goes to step2, to the servlet and you invalidate the session in the servlet. At this point all the values from the session are completely lost and then you forward to step3 which is a fresh request to index.jsp page. In index.jsp page util= null since the session does not have "utilisateur"  (becoz session was blanked out in step2)

so i dont see why 1,2,3 should not work :)

 Actually , you should never invalidate the session in jsp, A servlet or a Java class is the right place to invalidate the session.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rrzCommented:
I agree with suprato45 and jaggernat.
We are talking about two session objects in the 123  testing sequence.  But only one session object in the single page test.
0
matthew016Author Commented:
Ok, I think I understand.

Correct me if I'm wrong,

in step two I "delete" the session,
and when I forward to index.jsp (step 3) A new session is created where I do not have attribute "utilisateurs" in it.
0
rrzCommented:
Yes, that is right.   A JSP automatically provides a session object unless you use  
<%@ page session="false" %>  
In step3 you have new session with no attributes set.  
0
jaggernatCommented:
agree with rrz
0
matthew016Author Commented:
Thank u very much for your support !
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
JSP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.