We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now


question about invalidate()

matthew016 asked
Medium Priority
Last Modified: 2008-01-09

A user can, on my website, log out.

1) He clicks on a link
    <li><a href="index.html?do=logout">déconnexion</a></li>
    The page will be forwarded to the servlet index.html

2) In the servlet, I invalidate the session, then forward to index.jsp

            else if(action.equals("logout")) {
                  HttpSession session = request.getSession();

3) In index.jsp, I have this code :
      metier.IUtilisateur util = (metier.IUtilisateur) session.getAttribute("utilisateur");
    <% if(util == null) { %>
          <link rel="stylesheet" type="text/css" href="css/menu2NonAuthentifie.css"/>
    <% } else { %>
          <link rel="stylesheet" type="text/css" href="css/menu2Authentifie.css"/>
    <% } %>

    And util gives me null, without an exception. (I know the code is not nice)

But why when I try this in a JSP (for testing) :

            metier.IUtilisateur util = (metier.IUtilisateur) session.getAttribute("utilisateur");
            if(util == null) {

I have an error :

java.lang.IllegalStateException: "getAttribute": Session déjà invalidée

Watch Question

You definitely get error as you have already invalidated the session.

Try the procedure as below.

          if(session.getAttribute("utilisateur") == null) {
                // do whatever you want if it is null
          else {
                // do whatever you want if it is NOT null
                metier.IUtilisateur util = (metier.IUtilisateur) ;

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts


Ok, but why with the points 1), 2) and 3) I have no errors,
I do exactly the same thing

One question. For point #3, is "<link rel="stylesheet" type="text/css" href="css/menu2NonAuthentifie.css"/>" executed?


Yes, that all works fine ...
Mm...., this is weird

I just realized that it is not NullPointerException but IllegalStateException. Give me a sec
In point #3,

Do you catch any exception or any error message in the console?


That's why I post this question, because I don't understand why with 1)2)3) it works
and not when I put the instructions close to each other.
I do not really know what happens.

If in my local machine, it definitely throws me the NullPointerException. The reason you get the IllegalStateException is because you use

However, for the working case in the #3, I don't really know why. It should not work. Sorry, can't help further.



So do u test each time, before accessing a session, if it is valid ?

You have to do that instead of directly accessing it. when the session is valid, it is working fine but if the session is not valid, you will get NullPointerException as you are trying to cast NULL values to certain classes as

metier.IUtilisateur util = (metier.IUtilisateur) session.getAttribute("utilisateur");

if it is null, it is somehing like

metier.IUtilisateur util = (metier.IUtilisateur) null;

My suggestion is to keep this thread open for few more days as today is weekend and not all experts are available here.

Hopefully by Monday some other experts may pop in and give you the right answer.
i agree with supraptos' first post. since you invalidate the session, you get this error
>>java.lang.IllegalStateException: "getAttribute": Session déjà invalidée

Now, why you dont get error with 1,2,3.
From page1 you hit logout, and it goes to step2, to the servlet and you invalidate the session in the servlet. At this point all the values from the session are completely lost and then you forward to step3 which is a fresh request to index.jsp page. In index.jsp page util= null since the session does not have "utilisateur"  (becoz session was blanked out in step2)

so i dont see why 1,2,3 should not work :)

 Actually , you should never invalidate the session in jsp, A servlet or a Java class is the right place to invalidate the session.


I agree with suprato45 and jaggernat.
We are talking about two session objects in the 123  testing sequence.  But only one session object in the single page test.


Ok, I think I understand.

Correct me if I'm wrong,

in step two I "delete" the session,
and when I forward to index.jsp (step 3) A new session is created where I do not have attribute "utilisateurs" in it.
Yes, that is right.   A JSP automatically provides a session object unless you use  
<%@ page session="false" %>  
In step3 you have new session with no attributes set.  
agree with rrz


Thank u very much for your support !
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.