• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

IllegalStateExceptions, null ponter exceptions, ServletExceptions and other odd servlet behavior

 
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
We are seeing a variety of errors show up in our logs and monitoring tools during our logout process. I'm struggling to narrow down the cause.

Our logout jsp has a session.invalidate(); statement. That statement is executing, but frequently right after it executes, a whole string of null pointers in various jsps occurs, as well as illegal state exceptions (response already committed).

I can duplicate this on my local server, but because it doesn't have a common "starting point", I have never been able to successfully catch it.

This thread dump is from right when session.invalidate() executes, until the first couple of errors (a long string of jsp null pointers would then follow).

Does anyone have any suggestions as to what to try? It seems like SessionListener.java is creating a new session for some reason?

Please let me know if this is the wrong forum, I can't decide if it is servlet related (ActionServlet specifically) or something else..

 
Ranch Hand
Posts: 754
Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What class calls the code session.invalidate()?

How do you get the session?

 
Mike Smithson
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
session.invalidate(); is located in logout.jsp, which is a link at bottom of the page (link is directly to the jsp, that is). Code is at the end of logout.jsp:

if (abandonSession) { // which is deterimined from a session attribute above...
session.invalidate();
System.out.println ("Mike: session has been abandoned!");


I don't see any direct defining of the session, there are numeros session.getAttribute methods on the .jsp before the invalidate method is called on it. I just assumed the session was already available.


I'm new to this area, still trying to figure out some of the session stuff on the web side.. Please let me know if I'm looking at something from wrong perspective.


Thanks!!
 
Hebert Coelho
Ranch Hand
Posts: 754
Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Is there any code like the code bellow?

 
Mike Smithson
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
nope, the first references to the session are getAttribute methods.
 
Hebert Coelho
Ranch Hand
Posts: 754
Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Could you post it?
 
Mike Smithson
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Here is the start of the .jsp, right after the page imports. Don't think anything is really proprietary here.. Is this what you are looking for?

 
Hebert Coelho
Ranch Hand
Posts: 754
Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am trying to understand why is your session null...

After the



It comes the:




ALSO I notice this in the stacktrace:

Response is already commited to client. Session cookie cannot be set.



I belive that the session cookie is not being commited at the client.
 
Mike Smithson
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There is some code in between there that would be relevant, along with some stuff that I don't think is.. Here is the relevant:



I am seeing tons of those response already committed in the full stack trace, not just the one on the cookie.

It's almost like the jvm is trying to do things after the session has been invalidated, which is why a bunch of null pointers in .jsps (as well as the response already committed) are occuring. I can't figure out what would cause this though...

 
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Why would the JVM not try to "do things" after a session invalidation?
 
Mike Smithson
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Bear Bibeault wrote:Why would the JVM not try to "do things" after a session invalidation?



That is probably poorly phrased on my part. :-)

I meant, it seems like it is trying to "do things" with the session/client that was invalidated. For example, after logout.jsp, I will see a huge thread dump with null pointers in a string of jsps, then finally one or more Response Already Committed exceptions. Here is an example, these .jsps would all be "on the page" (ie, they are includes) before logout, but after logout has exectued and you are redirected to the "logout landing page", none of these jsp's would exist.

• /portal/common/blocks/postPromotion4.jsp,
• /portal/common/blocks/postPromotion5.jsp, then
• /portal/common/navigation/footer.jsp,
• /portal/common/template/LeftnavPortalTemplate.jsp,
• /portal/member/postPwdCategory.jsp,
• Exception in AppActionServletjavax.servlet.ServletException,
• Uncaught exception thrown in one of the service methods of the servlet: action. Exception thrown : java.lang.IllegalStateException: Cannot forward. Response already committed.
• java.lang.IllegalStateException: Cannot forward. Response already committed.
 
Marshal
Posts: 28193
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My theory was that the processing went in two steps:

(1) Invalidate the session

(2) Try to use data from the session

I'm pretty sure that both of these steps are in the code somewhere, and I'm pretty sure people have asked this already, but do you try to do (2) after (1)? Even after all these posts I can't figure out the answer to that question.
 
Paul Clapham
Marshal
Posts: 28193
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Mike Smithson wrote:Here is an example, these .jsps would all be "on the page" (ie, they are includes) before logout, but after logout has exectued and you are redirected to the "logout landing page", none of these jsp's would exist.



This seems like a mess which is mostly caused by you having that code in a JSP in the first place. You ought to have a servlet which handles the case where a user is logging out. If that happens then the servlet should invalidate the session and forward to a JSP which doesn't include a whole lot of things which assume the user is still logged in.

As it is, it looks like you have that code in a JSP which does include a whole lot of things which assume the user is still logged in.

There's also a common mistake which people make, namely assuming that after the "forward" method is executed, no code after that will be executed. Your comment about the JVM "trying to do things" suggests that you're making that mistake too. Remember that all of this code is written in Java; in Java methods always return control (unless the JVM ends or they hang in an infinite loop) and therefore the code after them is always executed.
 
Bear Bibeault
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Paul is spot on, it would be best to remove all this code from the JSP. In fact, in 2011, there should never be Java code of any kind in a JSP -- that's a poor practice that has been discredited for almost 10 years now.
 
Mike Smithson
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Paul Clapham wrote:My theory was that the processing went in two steps:

(1) Invalidate the session

(2) Try to use data from the session

I'm pretty sure that both of these steps are in the code somewhere, and I'm pretty sure people have asked this already, but do you try to do (2) after (1)? Even after all these posts I can't figure out the answer to that question.




I just added a little code after the session.invalidate(), and it does throw an illegal state exception:



But in the actual logout.jsp itself, the invalidate() method is essentially the last thing in the JSP. So what is confusing to me still is, why a bunch of other .jsp's throw null pointers as if the jvm/actionservlet is trying to create them or access them??


 
Hebert Coelho
Ranch Hand
Posts: 754
Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There is a footer in your project? Maybe the footer is trying to access some data. or even a menu on the side bar.
 
Mike Smithson
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Bear Bibeault wrote:Paul is spot on, it would be best to remove all this code from the JSP. In fact, in 2011, there should never be Java code of any kind in a JSP -- that's a poor practice that has been discredited for almost 10 years now.



I wouldn't be surprised to find that this .jsp is about that old.. :-) Seriously, it's on a site with several million subscribers, so it gets a lot of use. The problem is, this behavior seems to have just started somewhat recently though.

A re-write could be justified, but it would be hugely helpful if I understood exactly what is happening and why so I can justify the rewrite. The hope was that I could put a "try/catch" in logout.jsp, but the problem is that, frequently, the string of null pointers in other jsps begins somewhere other than logout.jsp.

You all have given me more to look at, thanks!!
 
Paul Clapham
Marshal
Posts: 28193
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have no idea. You said that JSP includes a lot of other JSPs. Perhaps you are making an incorrect assumption about the order in which the compiled code will be executed. I don't know whether you are or not, and I don't really care to know anyway because I wouldn't write code where it mattered. And if I were brought in to fix that problem in your code I would just refactor it as per my earlier post.
 
Mike Smithson
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Paul Clapham wrote:I have no idea. You said that JSP includes a lot of other JSPs. Perhaps you are making an incorrect assumption about the order in which the compiled code will be executed. I don't know whether you are or not, and I don't really care to know anyway because I wouldn't write code where it mattered. And if I were brought in to fix that problem in your code I would just refactor it as per my earlier post.



The logout.jsp doesn't include any other .jsps. The rest of the site's pages have included jsps (left nav, header, footer, normal stuff like that). The logout .jsp is accessed directly via a link. It executes some code that looks at session values to determine which site the user is logging out of (different sites for different regions of the country), and then does the session.invalidate method. It then redirects the user to a logout landing page (which is actually just a .html document)...

 
Hebert Coelho
Ranch Hand
Posts: 754
Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Mike Smithson wrote:The rest of the site's pages have included jsps (left nav, header, footer, normal stuff like that).



Does not this pages invoke any data invalidate by the "session.invalidate();" ?
 
reply
    Bookmark Topic Watch Topic
  • New Topic