Look up servlet filter. You can configure one to be called prior to any protected page in your site by associating with a specific servlet mapping (*.do for example). The filter can do the session checking so that you only have to write it once and not worry about it in any of your servlets, actions or JSPs. [ July 20, 2008: Message edited by: Bear Bibeault ]
without seeing your entire jsp it's kind of hard to say why you are getting this exception.
that being said, the most common case is you are performing some work on the output stream after the response header is sent back.
in your code, right after your response.sendRedirect("...") add a return statement. the return will "stop" the processing of the jspService method, preventing any further manipulation of the output stream by the jsp to occur.
if this solves the problem, then you need to go back into your code and change the logic so that after you call sendRedirect the flow control stops naturally.
<a href="http://www.J2EETraining.com" target="_blank" rel="nofollow">J2EE Training / Java EE Training ... Learn Java EE </a>