// just go ahead redirect the browser
response.sendRedirect(ci.getSessionExpiredURL());
} else {
- // send uidl redirect
- criticalNotification(request, response, ci
- .getSessionExpiredCaption(), ci
- .getSessionExpiredMessage(), null, ci
- .getSessionExpiredURL());
/*
* Invalidate session (weird to have session if we're saying
* that it's expired, and worse: portal integration will fail
* since the session is not created by the portal.
+ *
+ * Session must be invalidated before criticalNotification as it
+ * commits the response.
*/
request.getSession().invalidate();
+
+ // send uidl redirect
+ criticalNotification(request, response, ci
+ .getSessionExpiredCaption(), ci
+ .getSessionExpiredMessage(), null, ci
+ .getSessionExpiredURL());
+
}
} catch (SystemMessageException ee) {
throw new ServletException(ee);