How to effectively destroy 'session' in Java Servlet?

Question

The Servlet I\'m working has a variable session.

I\'ve tried session.invalidate();, this seem to have destroyed session but when I do a red

Answer 1

You need to return from the method after sending the redirect.

if (request.getParameter("logout") != null) {  
    session.invalidate();
    response.sendRedirect("restanes.jsp");
    return; // <--- Here.
}

Otherwise the code will continue to run and hit some session.getAttribute() method further down in the block causing exactly this exception. At least, that's the most likely cause of the problem described so far and based on the fact that this is a pretty common starter's mistake. See also e.g. this answer.

Answer 2

Your code is okay

if(request.getParameter("logout") != null )
{  
  session.invalidate();
  response.sendRedirect("restanes.jsp");
}

but make sure the redirecting page does not contain any session attributes. 500 internal error coming from "restanes.jsp" page. work out with the redirected page and session activity.