aspose file tools*
The moose likes Servlets and the fly likes IllegalStateExceptions, null ponter exceptions, ServletExceptions and other odd servlet behavior Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "IllegalStateExceptions, null ponter exceptions, ServletExceptions and other odd servlet behavior" Watch "IllegalStateExceptions, null ponter exceptions, ServletExceptions and other odd servlet behavior" New topic
Author

IllegalStateExceptions, null ponter exceptions, ServletExceptions and other odd servlet behavior

Mike Smithson
Greenhorn

Joined: Sep 15, 2011
Posts: 14
We are seeing a variety of errors show up in our logs and monitoring tools during our logout process. I'm struggling to narrow down the cause.

Our logout jsp has a session.invalidate(); statement. That statement is executing, but frequently right after it executes, a whole string of null pointers in various jsps occurs, as well as illegal state exceptions (response already committed).

I can duplicate this on my local server, but because it doesn't have a common "starting point", I have never been able to successfully catch it.

This thread dump is from right when session.invalidate() executes, until the first couple of errors (a long string of jsp null pointers would then follow).

Does anyone have any suggestions as to what to try? It seems like SessionListener.java is creating a new session for some reason?

Please let me know if this is the wrong forum, I can't decide if it is servlet related (ActionServlet specifically) or something else..

Hebert Coelho
Ranch Hand

Joined: Jul 14, 2010
Posts: 754

What class calls the code session.invalidate()?

How do you get the session?


[uaiHebert.com] [Full WebApplication JSF EJB JPA JAAS with source code to download] One Table Per SubClass [Web/JSF]
Mike Smithson
Greenhorn

Joined: Sep 15, 2011
Posts: 14
session.invalidate(); is located in logout.jsp, which is a link at bottom of the page (link is directly to the jsp, that is). Code is at the end of logout.jsp:

if (abandonSession) { // which is deterimined from a session attribute above...
session.invalidate();
System.out.println ("Mike: session has been abandoned!");


I don't see any direct defining of the session, there are numeros session.getAttribute methods on the .jsp before the invalidate method is called on it. I just assumed the session was already available.


I'm new to this area, still trying to figure out some of the session stuff on the web side.. Please let me know if I'm looking at something from wrong perspective.


Thanks!!
Hebert Coelho
Ranch Hand

Joined: Jul 14, 2010
Posts: 754

Is there any code like the code bellow?

Mike Smithson
Greenhorn

Joined: Sep 15, 2011
Posts: 14
nope, the first references to the session are getAttribute methods.
Hebert Coelho
Ranch Hand

Joined: Jul 14, 2010
Posts: 754

Could you post it?
Mike Smithson
Greenhorn

Joined: Sep 15, 2011
Posts: 14
Here is the start of the .jsp, right after the page imports. Don't think anything is really proprietary here.. Is this what you are looking for?

Hebert Coelho
Ranch Hand

Joined: Jul 14, 2010
Posts: 754

I am trying to understand why is your session null...

After the



It comes the:




ALSO I notice this in the stacktrace:
Response is already commited to client. Session cookie cannot be set.


I belive that the session cookie is not being commited at the client.
Mike Smithson
Greenhorn

Joined: Sep 15, 2011
Posts: 14
There is some code in between there that would be relevant, along with some stuff that I don't think is.. Here is the relevant:



I am seeing tons of those response already committed in the full stack trace, not just the one on the cookie.

It's almost like the jvm is trying to do things after the session has been invalidated, which is why a bunch of null pointers in .jsps (as well as the response already committed) are occuring. I can't figure out what would cause this though...

Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61610
    
  67

Why would the JVM not try to "do things" after a session invalidation?


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Mike Smithson
Greenhorn

Joined: Sep 15, 2011
Posts: 14
Bear Bibeault wrote:Why would the JVM not try to "do things" after a session invalidation?


That is probably poorly phrased on my part. :-)

I meant, it seems like it is trying to "do things" with the session/client that was invalidated. For example, after logout.jsp, I will see a huge thread dump with null pointers in a string of jsps, then finally one or more Response Already Committed exceptions. Here is an example, these .jsps would all be "on the page" (ie, they are includes) before logout, but after logout has exectued and you are redirected to the "logout landing page", none of these jsp's would exist.

• /portal/common/blocks/postPromotion4.jsp,
• /portal/common/blocks/postPromotion5.jsp, then
• /portal/common/navigation/footer.jsp,
• /portal/common/template/LeftnavPortalTemplate.jsp,
• /portal/member/postPwdCategory.jsp,
• Exception in AppActionServletjavax.servlet.ServletException,
• Uncaught exception thrown in one of the service methods of the servlet: action. Exception thrown : java.lang.IllegalStateException: Cannot forward. Response already committed.
• java.lang.IllegalStateException: Cannot forward. Response already committed.
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18886
    
    8

My theory was that the processing went in two steps:

(1) Invalidate the session

(2) Try to use data from the session

I'm pretty sure that both of these steps are in the code somewhere, and I'm pretty sure people have asked this already, but do you try to do (2) after (1)? Even after all these posts I can't figure out the answer to that question.
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18886
    
    8

Mike Smithson wrote:Here is an example, these .jsps would all be "on the page" (ie, they are includes) before logout, but after logout has exectued and you are redirected to the "logout landing page", none of these jsp's would exist.


This seems like a mess which is mostly caused by you having that code in a JSP in the first place. You ought to have a servlet which handles the case where a user is logging out. If that happens then the servlet should invalidate the session and forward to a JSP which doesn't include a whole lot of things which assume the user is still logged in.

As it is, it looks like you have that code in a JSP which does include a whole lot of things which assume the user is still logged in.

There's also a common mistake which people make, namely assuming that after the "forward" method is executed, no code after that will be executed. Your comment about the JVM "trying to do things" suggests that you're making that mistake too. Remember that all of this code is written in Java; in Java methods always return control (unless the JVM ends or they hang in an infinite loop) and therefore the code after them is always executed.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61610
    
  67

Paul is spot on, it would be best to remove all this code from the JSP. In fact, in 2011, there should never be Java code of any kind in a JSP -- that's a poor practice that has been discredited for almost 10 years now.
Mike Smithson
Greenhorn

Joined: Sep 15, 2011
Posts: 14
Paul Clapham wrote:My theory was that the processing went in two steps:

(1) Invalidate the session

(2) Try to use data from the session

I'm pretty sure that both of these steps are in the code somewhere, and I'm pretty sure people have asked this already, but do you try to do (2) after (1)? Even after all these posts I can't figure out the answer to that question.



I just added a little code after the session.invalidate(), and it does throw an illegal state exception:



But in the actual logout.jsp itself, the invalidate() method is essentially the last thing in the JSP. So what is confusing to me still is, why a bunch of other .jsp's throw null pointers as if the jvm/actionservlet is trying to create them or access them??


Hebert Coelho
Ranch Hand

Joined: Jul 14, 2010
Posts: 754

There is a footer in your project? Maybe the footer is trying to access some data. or even a menu on the side bar.
Mike Smithson
Greenhorn

Joined: Sep 15, 2011
Posts: 14
Bear Bibeault wrote:Paul is spot on, it would be best to remove all this code from the JSP. In fact, in 2011, there should never be Java code of any kind in a JSP -- that's a poor practice that has been discredited for almost 10 years now.


I wouldn't be surprised to find that this .jsp is about that old.. :-) Seriously, it's on a site with several million subscribers, so it gets a lot of use. The problem is, this behavior seems to have just started somewhat recently though.

A re-write could be justified, but it would be hugely helpful if I understood exactly what is happening and why so I can justify the rewrite. The hope was that I could put a "try/catch" in logout.jsp, but the problem is that, frequently, the string of null pointers in other jsps begins somewhere other than logout.jsp.

You all have given me more to look at, thanks!!
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18886
    
    8

I have no idea. You said that JSP includes a lot of other JSPs. Perhaps you are making an incorrect assumption about the order in which the compiled code will be executed. I don't know whether you are or not, and I don't really care to know anyway because I wouldn't write code where it mattered. And if I were brought in to fix that problem in your code I would just refactor it as per my earlier post.
Mike Smithson
Greenhorn

Joined: Sep 15, 2011
Posts: 14
Paul Clapham wrote:I have no idea. You said that JSP includes a lot of other JSPs. Perhaps you are making an incorrect assumption about the order in which the compiled code will be executed. I don't know whether you are or not, and I don't really care to know anyway because I wouldn't write code where it mattered. And if I were brought in to fix that problem in your code I would just refactor it as per my earlier post.


The logout.jsp doesn't include any other .jsps. The rest of the site's pages have included jsps (left nav, header, footer, normal stuff like that). The logout .jsp is accessed directly via a link. It executes some code that looks at session values to determine which site the user is logging out of (different sites for different regions of the country), and then does the session.invalidate method. It then redirects the user to a logout landing page (which is actually just a .html document)...

Hebert Coelho
Ranch Hand

Joined: Jul 14, 2010
Posts: 754

Mike Smithson wrote:The rest of the site's pages have included jsps (left nav, header, footer, normal stuff like that).


Does not this pages invoke any data invalidate by the "session.invalidate();" ?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: IllegalStateExceptions, null ponter exceptions, ServletExceptions and other odd servlet behavior