On Fri, 11 May 2001, teh j wrote:
> Hello there
>
> I was wondering if anybody could help me out with a
> problem regarding sessions? I have a jsp app that is
> protected by storing a user login in the session
> object. The session object is checked to see that the
> user is logged in everytime the user accesses a
> protected page. If the user tries to go directly to a
> protected page's url, they are redirected because the
> page checks the session variable and finds that the
> session variable is null., The code that does this is;
>
>
> <%
> String user_id =
> (String)session.getAttribute("user_id");
> String user_level =
> (String)session.getAttribute("user_level");
>
> if (user_id==null) {
> /*
> *User is not logged in! Redirect
> */
> response.sendRedirect("../security/not_logged_in.html");
>
>
> }
> %>
>
> I have however, set the session.setMaxInactiveInterval
> to a period of time to log the user out automatically
> after a period of time for security reasons. But after
> the session has expired, instead of being redirected
> to the not_logged_in.html page, I get the error
> message below;
session.setMaxInactiveInterval set's the inactivate time for
that session so the problem in your code is that you try
to use the session.getAttribute() but if the the session is
invalidated it is null, hence NullPointerException. so be sure
to check if session != null before you do a session.getAttribute()
..bip
