RanPaul RanPaul - 4 months ago 42
Java Question

Spring java.lang.IllegalStateException: Cannot create a session after the response has been committed

I am having a session management issue in my spring application, here is the scenario.
When a user opens my app URL it'll ask for credentials and logs in. After the user looged in and if he open a new tab and paste my app URL it'll ask for credentials again and user logs in.

Now if the user logs out in tab1 and if user wants to performs any operation in second tab user gets an error with below stacktrace and logs out.

Oct 10, 2014 3:11:27 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [CollPortal] in context with path [/CollPortal] threw exception
java.lang.IllegalStateException: Cannot create a session after the response has been committed
at org.apache.catalina.connector.Request.doGetSession(Request.java:2886)
at org.apache.catalina.connector.Request.getSession(Request.java:2316)
at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:898)
at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:910)
at com.dc.core.common.FlashRecyclingFilter.doFilterInternal(FlashRecyclingFilter.java:22)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.dc.core.common.StripJSessionIdFilter.doFilter(StripJSessionIdFilter.java:101)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:722)


Here is my
FlashRecyclingFilter


@Component
public class FlashRecyclingFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
super.doFilter(request, response, filterChain);
IFlash flash = new Flash(request.getSession());
flash.recycle();
}
}


How do I make sure user should be able to perform operations in one tab when the user is logged out in another tab? Can anyone please help me with my issue?

Answer

What happens is that Spring probably sends redirect to the login page, while your custom filter tries to create session (which can not be done as the response has been already sent).

You should modify your filter so that it does not eagerly create the session on its own:

super.doFilter(request, response, filterChain);
HttpSession session = request.getSession(false);
if (session != null) {
    IFlash flash = new Flash(session);
    flash.recycle();
}
Comments