You aren't returning after the forward when the login and/or password is not been supplied. It's a common misconception among starters that the forward() method magically terminates the code execution and jumps out of the method somehow. This is thus not true. You have to return from the method and stop the execution of the remnant of the code yourself.
You need to either add a return;
if ((login==null)|(password==null)){
RequestDispatcher requestDispatcher = request.getRequestDispatcher("/login.jsp");
requestDispatcher.forward(request, response);
return;
}
Or to add an else
if ((login==null)|(password==null)){
RequestDispatcher requestDispatcher = request.getRequestDispatcher("/login.jsp");
requestDispatcher.forward(request, response);
} else {
// Now we think that we are successfully logged in.
// Yes, that above comment is now finally true.
// Put your bunch of non-DRY if-else code here.
}
See also:
- java.lang.IllegalStateException: Cannot (forward | sendRedirect | create session) after response has been committed
