Solved

question about invalidate()

Posted on 2006-10-28
17
347 Views
Last Modified: 2008-01-09
Hi,

A user can, on my website, log out.

1) He clicks on a link
    <li><a href="index.html?do=logout">déconnexion</a></li>
    The page will be forwarded to the servlet index.html

2) In the servlet, I invalidate the session, then forward to index.jsp

            else if(action.equals("logout")) {
                  HttpSession session = request.getSession();
                  session.invalidate();
                  getServletContext().getRequestDispatcher(urlIndex).forward(request,response);
                  return;
            }

3) In index.jsp, I have this code :
    <%
      metier.IUtilisateur util = (metier.IUtilisateur) session.getAttribute("utilisateur");
    %>
    <% if(util == null) { %>
          <link rel="stylesheet" type="text/css" href="css/menu2NonAuthentifie.css"/>
    <% } else { %>
          <link rel="stylesheet" type="text/css" href="css/menu2Authentifie.css"/>
    <% } %>

    And util gives me null, without an exception. (I know the code is not nice)


But why when I try this in a JSP (for testing) :

            session.invalidate();
            
            metier.IUtilisateur util = (metier.IUtilisateur) session.getAttribute("utilisateur");
            if(util == null) {
                        [...]

I have an error :

java.lang.IllegalStateException: "getAttribute": Session déjà invalidée
      org.apache.catalina.session.StandardSession.getAttribute(StandardSession.java:1011)
      org.apache.catalina.session.StandardSessionFacade.getAttribute(StandardSessionFacade.java:109)
      org.apache.jsp.chat2_jsp._jspService(chat2_jsp.java:61)
      org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
      org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:332)
      org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
      org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
      controleur.Controleur.connecterChat(Controleur.java:268)
      controleur.Controleur.doGet(Controleur.java:78)
      controleur.Controleur.doPost(Controleur.java:375)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:802)



0
Comment
Question by:matthew016
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
  • 2
  • +1
17 Comments
 
LVL 16

Assisted Solution

by:suprapto45
suprapto45 earned 100 total points
ID: 17825731
You definitely get error as you have already invalidated the session.

Try the procedure as below.

          session.invalidate();
         
         
          if(session.getAttribute("utilisateur") == null) {
                // do whatever you want if it is null
          }
          else {
                // do whatever you want if it is NOT null
                metier.IUtilisateur util = (metier.IUtilisateur) ;
          }
0
 
LVL 9

Author Comment

by:matthew016
ID: 17825736
Ok, but why with the points 1), 2) and 3) I have no errors,
I do exactly the same thing
0
 
LVL 16

Expert Comment

by:suprapto45
ID: 17825782
Okay,

One question. For point #3, is "<link rel="stylesheet" type="text/css" href="css/menu2NonAuthentifie.css"/>" executed?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 9

Author Comment

by:matthew016
ID: 17825793
Yes, that all works fine ...
0
 
LVL 16

Expert Comment

by:suprapto45
ID: 17825808
Mm...., this is weird

I just realized that it is not NullPointerException but IllegalStateException. Give me a sec
0
 
LVL 16

Expert Comment

by:suprapto45
ID: 17825823
In point #3,

Do you catch any exception or any error message in the console?
0
 
LVL 9

Author Comment

by:matthew016
ID: 17825830
Nothing.
That's why I post this question, because I don't understand why with 1)2)3) it works
and not when I put the instructions close to each other.
0
 
LVL 16

Expert Comment

by:suprapto45
ID: 17825847
I do not really know what happens.

If in my local machine, it definitely throws me the NullPointerException. The reason you get the IllegalStateException is because you use
http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpSession.html

However, for the working case in the #3, I don't really know why. It should not work. Sorry, can't help further.

David
0
 
LVL 9

Author Comment

by:matthew016
ID: 17825899
So do u test each time, before accessing a session, if it is valid ?
0
 
LVL 16

Expert Comment

by:suprapto45
ID: 17825975
Yes,

You have to do that instead of directly accessing it. when the session is valid, it is working fine but if the session is not valid, you will get NullPointerException as you are trying to cast NULL values to certain classes as

metier.IUtilisateur util = (metier.IUtilisateur) session.getAttribute("utilisateur");

if it is null, it is somehing like

metier.IUtilisateur util = (metier.IUtilisateur) null;

David
0
 
LVL 16

Expert Comment

by:suprapto45
ID: 17825986
My suggestion is to keep this thread open for few more days as today is weekend and not all experts are available here.

Hopefully by Monday some other experts may pop in and give you the right answer.
0
 
LVL 10

Accepted Solution

by:
jaggernat earned 200 total points
ID: 17826133
i agree with supraptos' first post. since you invalidate the session, you get this error
>>java.lang.IllegalStateException: "getAttribute": Session déjà invalidée

Now, why you dont get error with 1,2,3.
From page1 you hit logout, and it goes to step2, to the servlet and you invalidate the session in the servlet. At this point all the values from the session are completely lost and then you forward to step3 which is a fresh request to index.jsp page. In index.jsp page util= null since the session does not have "utilisateur"  (becoz session was blanked out in step2)

so i dont see why 1,2,3 should not work :)

 Actually , you should never invalidate the session in jsp, A servlet or a Java class is the right place to invalidate the session.

0
 
LVL 27

Expert Comment

by:rrz
ID: 17826545
I agree with suprato45 and jaggernat.
We are talking about two session objects in the 123  testing sequence.  But only one session object in the single page test.
0
 
LVL 9

Author Comment

by:matthew016
ID: 17828328
Ok, I think I understand.

Correct me if I'm wrong,

in step two I "delete" the session,
and when I forward to index.jsp (step 3) A new session is created where I do not have attribute "utilisateurs" in it.
0
 
LVL 27

Assisted Solution

by:rrz
rrz earned 200 total points
ID: 17828898
Yes, that is right.   A JSP automatically provides a session object unless you use  
<%@ page session="false" %>  
In step3 you have new session with no attributes set.  
0
 
LVL 10

Expert Comment

by:jaggernat
ID: 17829128
agree with rrz
0
 
LVL 9

Author Comment

by:matthew016
ID: 17830693
Thank u very much for your support !
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's how to start interacting with our community through Post.
We take a look at some of the most common obstacles that IT teams run into as they work relentlessly to keep all the alarms and sirens from going off at once.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question