detect the session attributes after the session is TimeOut?

Dear pros and newbs(like me)

I have this session attribute containing an Object.
I also have a session time out set to 30 minutes.
In the servlet code I wrote the code below.

malo.java.classes.UserAuthentication userAuthentication = (malo.java.classes.UserAuthentication) session.getAttribute("usersAuthentication"); //The full code is below, // this strip code is located in line 41.I also forward this object into a JSP page and use it for another purpose. So if I refresh the page when the session is timeout, it will gives me an error too =(

The problem is, when the session is timeout and when I requested the servlet, it gives me an error stating that the object is null or empty.
Does any one knows how to mitigate this problem?
I heard that I must use a listener or a filter. But could anyone here please enlighten me how to solve this problem please.

I really appreciate your help. =)

Thank you Pros!

The full code:
public class ProfileController extends HttpServlet { private ServletContext forward; /** * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods. * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, NamingException, SQLException, ClassNotFoundException { response.setContentType("text/html;charset=UTF-8"); PrintWriter out = response.getWriter(); HttpSession session = request.getSession(true); //Get the userAutentication session Attribute malo.java.classes.UserAuthentication userAuthentication = (malo.java.classes.UserAuthentication) session.getAttribute("usersAuthentication"); //get Parameter String id=request.getParameter("userID"); String index = request.getParameter("Index"); if(index==null){ index="1"; } if(id==null){ id=userAuthentication.getUserId(); } //Assign the forwardURL variable String forwardLoginURL="../login/login.jsp"; try { if(userAuthentication.getIsAMember()==false){ response.sendRedirect(request.getContextPath()+"/login/login.jsp"); } else{ //If the destination "email/username" is the same as the user's it self, Retrieve the user's profile information //and pass it to his/her profile if(id.equals(userAuthentication.getUserId())){ //Set up the Database connection and create an instance name db String databaseConnection = getServletContext().getInitParameter("databaseConnection"); String databaseDriver = getServletContext().getInitParameter("databaseDriver"); String databaseUser = getServletContext().getInitParameter("DatabaseUserName"); String databasePassword = getServletContext().getInitParameter("dbPassword"); Database db = new Database(databaseUser, databasePassword, databaseDriver, databaseConnection); //Get the profile informations Profile profile = new Profile(); ProfileDB profileDB=new ProfileDB(db, profile); profileDB.GetProfileInfo(Integer.parseInt(id)); profile=profileDB.getProfile(); //Get the comment informations Comment comment = new Comment(); CommentDB commentDB = new CommentDB(db); commentDB.getProfileComments(Integer.parseInt(id), "commenttable", Integer.parseInt(index)*10-10,Integer.parseInt(index)*10); //Set the comment object to a comment type form commentDB.getComment() comment=commentDB.getComment(); comment.setCommentIndex(Integer.parseInt(index)); comment.setTotalComment(commentDB.getTotalRow()); request.setAttribute("name", "Agustinus"); request.setAttribute("profile", profile); request.setAttribute("comment",comment); /* * Forward to the his/her profile page */ RequestDispatcher rd; rd = request.getRequestDispatcher("Users/Profile.jsp?userID="+id); rd.forward(request,response); } //else... if the desitnation username/email is not the same as his/her, Retrieve the visited user's profile information and forward it. else{ /* Forward to another (could be a friend/ profile page */ request.setAttribute("name", "Another Page"); RequestDispatcher rd; rd = request.getRequestDispatcher("/Profile.jsp?userID="+id); rd.forward(request,response); } } } finally { out.close(); } }

Whenever you fetch a scoped variable from the session using getAttribute() you test it for null. When the session times out, all scoped variables palced in the session are dumped.

Dear Sherif Bear Thanks for the insight.

I have been think for a moment and what I understood is like this

HttpSession session = request.getSession(false); if(session==null){ out.println("Session is timeout"); //Or forward to login page }

Do all professional Servlet Programmers still do this process? Or do they use another efficient and best practice way to avoid session null error?

Once again thanks for the insight

No. You don't test the session itself for null, but for something that you've put within it.

Let's say that when a user logs in we place the user's info in the session as a scoped variable:

UserInfo userInfo = new UserInfo( /*parameters here*/ ); session.setAttribute("userInfo",userInfo);

Later, when we want to check if the user is still valid or has timed out, we'd fetch the scoped variable, but test it for null:
UserInfo userInfo = (UserInfo)session.getAttribute*"userInfo"); if (userInfo == null) { /*user has timed out!*/ }

(One reason testing for session nullity isn't a great idea is that a JSP page will automagically create a session, unless you explicitly configure it not to. It's simply too easy to forget to do that, and not worth the effort. Checking for a session attribute is much simpler, and less error-prone.)

Ouchhhhhhhh Sir Sheriff Bear, it does not work hmmmmmm. But when I use the previous way "Checking the session null", it does forward the request to another JSP page.

I got this kind of error when I call the servlet again

java.lang.NullPointerException
malo.controller.ProfileController.processRequest(ProfileController.java:41)
malo.controller.ProfileController.doGet(ProfileController.java:134)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

package malo.controller; import java.io.IOException; import java.io.PrintWriter; import java.sql.SQLException; import java.util.logging.Level; import java.util.logging.Logger; import javax.naming.NamingException; import javax.servlet.RequestDispatcher; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import malo.java.classes.Comment; import malo.java.classes.Profile; import malo.java.classes.CommentDB; import malo.java.classes.Database; import malo.java.classes.ProfileDB; /** * * @author Bio */ public class ProfileController extends HttpServlet { private ServletContext forward; /** * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods. * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, NamingException, SQLException, ClassNotFoundException { response.setContentType("text/html;charset=UTF-8"); PrintWriter out = response.getWriter(); HttpSession session = request.getSession(false); //Get the userAutentication session Attribute malo.java.classes.UserAuthentication userAuthentication = (malo.java.classes.UserAuthentication) session.getAttribute("usersAuthentication"); if(userAuthentication==null){ out.println("Attribute is deleted"); } else{ //get Parameter String id=request.getParameter("userID"); String index = request.getParameter("Index"); if(index==null){ index="1"; } if(id==null){ id=userAuthentication.getUserId(); } //Assign the forwardURL variable String forwardLoginURL="../login/login.jsp"; try { if(userAuthentication.getIsAMember()==false){ response.sendRedirect(request.getContextPath()+"/login/login.jsp"); } else{ //If the destination "email/username" is the same as the user's it self, Retrieve the user's profile information //and pass it to his/her profile if(id.equals(userAuthentication.getUserId())){ //Set up the Database connection and create an instance name db String databaseConnection = getServletContext().getInitParameter("databaseConnection"); String databaseDriver = getServletContext().getInitParameter("databaseDriver"); String databaseUser = getServletContext().getInitParameter("DatabaseUserName"); String databasePassword = getServletContext().getInitParameter("dbPassword"); Database db = new Database(databaseUser, databasePassword, databaseDriver, databaseConnection); //Get the profile informations Profile profile = new Profile(); ProfileDB profileDB=new ProfileDB(db, profile); profileDB.GetProfileInfo(Integer.parseInt(id)); profile=profileDB.getProfile(); //Get the comment informations Comment comment = new Comment(); CommentDB commentDB = new CommentDB(db); commentDB.getProfileComments(Integer.parseInt(id), "commenttable", Integer.parseInt(index)*10-10,Integer.parseInt(index)*10); //Set the comment object to a comment type form commentDB.getComment() comment=commentDB.getComment(); comment.setCommentIndex(Integer.parseInt(index)); comment.setTotalComment(commentDB.getTotalRow()); request.setAttribute("name", "Agustinus"); request.setAttribute("profile", profile); request.setAttribute("comment",comment); /* * Forward to the his/her profile page */ RequestDispatcher rd; rd = request.getRequestDispatcher("Users/Profile.jsp?userID="+id); rd.forward(request,response); } //else... if the desitnation username/email is not the same as his/her, Retrieve the visited user's profile information and forward it. else{ /* Forward to another (could be a friend/ profile page */ request.setAttribute("name", "Another Page"); RequestDispatcher rd; rd = request.getRequestDispatcher("/Profile.jsp?userID="+id); rd.forward(request,response); } } } finally { out.close(); } } } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { try { processRequest(request, response); } catch (NamingException ex) { Logger.getLogger(ProfileController.class.getName()).log(Level.SEVERE, null, ex); } catch (SQLException ex) { Logger.getLogger(ProfileController.class.getName()).log(Level.SEVERE, null, ex); } catch (ClassNotFoundException ex) { Logger.getLogger(ProfileController.class.getName()).log(Level.SEVERE, null, ex); } } @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { try { processRequest(request, response); } catch (NamingException ex) { Logger.getLogger(ProfileController.class.getName()).log(Level.SEVERE, null, ex); } catch (SQLException ex) { Logger.getLogger(ProfileController.class.getName()).log(Level.SEVERE, null, ex); } catch (ClassNotFoundException ex) { Logger.getLogger(ProfileController.class.getName()).log(Level.SEVERE, null, ex); } } }

You're explicitly telling it not to create a session if there isn't one--what else would you expect?

@ Mr.Newton, thanks for the insight

So it is best practice or better to check the session attribute nullity rather than checking the session object nullity.

so if the session attribute is destroyed/expired/timeout, I must create a new session attribute filled with an object and a value such as a boolean which tells the visitor is not a member. Then in a JSP page it will use that boolean information to hide the special feature and display the login/signup button.

hehehehehe sorry I made too much statement instead of an question.

The question: Is my statement correct?

@Mr Newton

ouchhhhhh let me fix that, and I will be back soon. 5 minutes =)
Thanks

@ EVERY ONE

Oh my GAWTTTTT it's Workinggggg


hehehehehe, thank you Pros! You have made my day! =D

God Bless you all

Fixed Code. Thanks to Mr.Bear and Mr.Newton

package malo.controller; import java.io.IOException; import java.io.PrintWriter; import java.sql.SQLException; import java.util.logging.Level; import java.util.logging.Logger; import javax.naming.NamingException; import javax.servlet.RequestDispatcher; import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import malo.java.classes.Comment; import malo.java.classes.Profile; import malo.java.classes.CommentDB; import malo.java.classes.Database; import malo.java.classes.ProfileDB; /** * * @author Bio */ public class ProfileController extends HttpServlet { private ServletContext forward; /** * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods. * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, NamingException, SQLException, ClassNotFoundException { response.setContentType("text/html;charset=UTF-8"); PrintWriter out = response.getWriter(); HttpSession session = request.getSession(true); //This is changed from FALSE -> TRUE //Get the userAutentication session Attribute malo.java.classes.UserAuthentication userAuthentication; if(session.getAttribute("usersAuthentication")==null){ out.println("Attribute is deleted"); } else{ userAuthentication = (malo.java.classes.UserAuthentication) session.getAttribute("usersAuthentication"); //get Parameter String id=request.getParameter("userID"); String index = request.getParameter("Index"); if(index==null){ index="1"; } if(id==null){ id=userAuthentication.getUserId(); } //Assign the forwardURL variable String forwardLoginURL="../login/login.jsp"; try { if(userAuthentication.getIsAMember()==false){ response.sendRedirect(request.getContextPath()+"/login/login.jsp"); } else{ //If the destination "email/username" is the same as the user's it self, Retrieve the user's profile information //and pass it to his/her profile if(id.equals(userAuthentication.getUserId())){ //Set up the Database connection and create an instance name db String databaseConnection = getServletContext().getInitParameter("databaseConnection"); String databaseDriver = getServletContext().getInitParameter("databaseDriver"); String databaseUser = getServletContext().getInitParameter("DatabaseUserName"); String databasePassword = getServletContext().getInitParameter("dbPassword"); Database db = new Database(databaseUser, databasePassword, databaseDriver, databaseConnection); //Get the profile informations Profile profile = new Profile(); ProfileDB profileDB=new ProfileDB(db, profile); profileDB.GetProfileInfo(Integer.parseInt(id)); profile=profileDB.getProfile(); //Get the comment informations Comment comment = new Comment(); CommentDB commentDB = new CommentDB(db); commentDB.getProfileComments(Integer.parseInt(id), "commenttable", Integer.parseInt(index)*10-10,Integer.parseInt(index)*10); //Set the comment object to a comment type form commentDB.getComment() comment=commentDB.getComment(); comment.setCommentIndex(Integer.parseInt(index)); comment.setTotalComment(commentDB.getTotalRow()); request.setAttribute("name", "Agustinus"); request.setAttribute("profile", profile); request.setAttribute("comment",comment); /* * Forward to the his/her profile page */ RequestDispatcher rd; rd = request.getRequestDispatcher("Users/Profile.jsp?userID="+id); rd.forward(request,response); } //else... if the desitnation username/email is not the same as his/her, Retrieve the visited user's profile information and forward it. else{ /* Forward to another (could be a friend/ profile page */ request.setAttribute("name", "Another Page"); RequestDispatcher rd; rd = request.getRequestDispatcher("/Profile.jsp?userID="+id); rd.forward(request,response); } } } finally { out.close(); } } } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { try { processRequest(request, response); } catch (NamingException ex) { Logger.getLogger(ProfileController.class.getName()).log(Level.SEVERE, null, ex); } catch (SQLException ex) { Logger.getLogger(ProfileController.class.getName()).log(Level.SEVERE, null, ex); } catch (ClassNotFoundException ex) { Logger.getLogger(ProfileController.class.getName()).log(Level.SEVERE, null, ex); } } @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { try { processRequest(request, response); } catch (NamingException ex) { Logger.getLogger(ProfileController.class.getName()).log(Level.SEVERE, null, ex); } catch (SQLException ex) { Logger.getLogger(ProfileController.class.getName()).log(Level.SEVERE, null, ex); } catch (ClassNotFoundException ex) { Logger.getLogger(ProfileController.class.getName()).log(Level.SEVERE, null, ex); } } }