How to effectively destroy 'session' in Java Servlet?

Question

The Servlet I\'m working has a variable session.

I\'ve tried session.invalidate();, this seem to have destroyed session but when I do a red

Answer 1

You need to return from the method after sending the redirect.

if (request.getParameter("logout") != null) {  
    session.invalidate();
    response.sendRedirect("restanes.jsp");
    return; // <--- Here.
}

Otherwise the code will continue to run and hit some session.getAttribute() method further down in the block causing exactly this exception. At least, that's the most likely cause of the problem described so far and based on the fact that this is a pretty common starter's mistake. See also e.g. this answer.