There were numerous posts on this topic in this forum, which have clearly explained the solution and to avoid pitfalls. Some of those points I recollect is not to depend on session == null, to determine the logout functionality. Instead check for the existing of objects stored in session. You can also invalidate session, which in turns removes all the attributes added to session. Please go through those posts for better understanding.
Some more advice: use bold sparingly and only for emphasis, rather than for entire posts. I have removed the bold for you.
Also, Pplease be sure to use code tags when posting code to the forums. Unformatted or unindented code is extremely hard to read and many people that might be able to help you will just move along to posts that are easier to read. Please click this link ⇒ UseCodeTags ⇐ for more information.
Properly indented and formatted code greatly increases the probability that your question will get quicker, better answers.