tomcat - request.getSession(false) causes java.lang.IllegalStateException -

when try session request, causes null pointer exception if session expired. given below part of code. exception on third line.

public void dofilter(servletrequest req, servletresponse res,filterchain chain) throws ioexception, servletexception { httpservletrequest httpreq = (httpservletrequest) req; httpsession session = httpreq.getsession(false); 

and here stacktrace :

java.lang.illegalstateexception: getlastaccessedtime: session invalidated @ org.apache.catalina.session.standardsession.getlastaccessedtime(standardsession.java:423) @ org.apache.catalina.session.standardsessionfacade.getlastaccessedtime(standardsessionfacade.java:84) @ com.myapp.admin.customercontext.valueunbound(customercontext.java:806) @ org.apache.catalina.session.standardsession.removeattributeinternal(standardsession.java:1686) @ org.apache.catalina.session.standardsession.expire(standardsession.java:801) @ org.apache.catalina.session.standardsession.isvalid(standardsession.java:576) @ org.apache.catalina.connector.request.dogetsession(request.java:2386) @ org.apache.catalina.connector.request.getsession(request.java:2120) @ org.apache.catalina.connector.requestfacade.getsession(requestfacade.java:833) @ com.myapp.ui.web.filter.applicationsessionfilter.dofilter(applicationsessionfilter.java:45) @ org.springframework.web.filter.delegatingfilterproxy.invokedelegate(delegatingfilterproxy.java:237) @ org.springframework.web.filter.delegatingfilterproxy.dofilter(delegatingfilterproxy.java:167) @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:235) @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:206) @ com.myapp.ui.web.filter.errorfilter.dofilter(errorfilter.java:42) @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:235) @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:206) @ org.apache.catalina.core.standardwrappervalve.invoke(standardwrappervalve.java:233) @ org.apache.catalina.core.standardcontextvalve.invoke(standardcontextvalve.java:191) @ org.apache.catalina.core.standardhostvalve.invoke(standardhostvalve.java:127) @ org.apache.catalina.valves.errorreportvalve.invoke(errorreportvalve.java:102) @ org.apache.catalina.core.standardenginevalve.invoke(standardenginevalve.java:109) @ org.apache.catalina.connector.coyoteadapter.service(coyoteadapter.java:298) @ org.apache.jk.server.jkcoyotehandler.invoke(jkcoyotehandler.java:190) @ org.apache.jk.common.handlerrequest.invoke(handlerrequest.java:291) @ org.apache.jk.common.channelsocket.invoke(channelsocket.java:776) @ org.apache.jk.common.channelsocket.processconnection(channelsocket.java:705) @ org.apache.jk.common.channelsocket$socketconnection.runit(channelsocket.java:898) @ org.apache.tomcat.util.threads.threadpool$controlrunnable.run(threadpool.java:690) @ java.lang.thread.run(thread.java:662) 

this not nullpointer exception.
illegal state exception.

this occurs when session has been invalidated/expired, , try access it.

session gets invalidated follows.

session.invalidate(); 

after invalidate called, cant use session.

session expires when timeout. after expire, if try use it, throw same exception.

these ways can manually set timeout.

set timeout in web.xml. set in minutes.

<session-config>    <session-timeout>30</session-timeout>  </session-config> 

or can set in in java well.

public void setmaxinactiveinterval(int interval)  session.setmaxinactiveinterval(30*60); // set in seconds.  

here specify time, in seconds, between client requests before servlet container invalidate session. negative time indicates session should never timeout.

make sure operation doing not taking longer timeout time. else have reset value.

edit:
not possible recover in clean manner. session invalidated/unusable, , need create new session , repopulate data. people redirected alternate error page instead of showing stack trace. "your session has expired. please login again."

use request.isrequestedsessionidvalid() identify whether session id still valid.

httpsession session =httpreg.getsession(false); if( !request.isrequestedsessionidvalid() ) {         //comes here when session invalid.         // redirect clean error page "your session has expired. please login again." } 

another option use handle illegalexceptionstate using try catch

httpsession session =httpreg.getsession(false); try {      if(session != null)      {         date date = new date(session.getlastaccessedtime());      } } catch( illegalstateexception ex ) {       //comes here when session invalid.       // redirect clean error page "your session has expired. please login again." } 

side note: if have process taking long time complete , sessions timing out (ex: parsing large data records ). should consider taking them out of web application, , use simple java run them process.