Response is already commited to client. Session cookie cannot be set.
Bear Bibeault wrote:Why would the JVM not try to "do things" after a session invalidation?
Mike Smithson wrote:Here is an example, these .jsps would all be "on the page" (ie, they are includes) before logout, but after logout has exectued and you are redirected to the "logout landing page", none of these jsp's would exist.
Paul Clapham wrote:My theory was that the processing went in two steps:
(1) Invalidate the session
(2) Try to use data from the session
I'm pretty sure that both of these steps are in the code somewhere, and I'm pretty sure people have asked this already, but do you try to do (2) after (1)? Even after all these posts I can't figure out the answer to that question.
Bear Bibeault wrote:Paul is spot on, it would be best to remove all this code from the JSP. In fact, in 2011, there should never be Java code of any kind in a JSP -- that's a poor practice that has been discredited for almost 10 years now.
Paul Clapham wrote:I have no idea. You said that JSP includes a lot of other JSPs. Perhaps you are making an incorrect assumption about the order in which the compiled code will be executed. I don't know whether you are or not, and I don't really care to know anyway because I wouldn't write code where it mattered. And if I were brought in to fix that problem in your code I would just refactor it as per my earlier post.
Mike Smithson wrote:The rest of the site's pages have included jsps (left nav, header, footer, normal stuff like that).