Vladimir Kishlaly [https://community.jboss.org/people/mkind] created the discussion "Login module and session issues" To view the discussion, visit: https://community.jboss.org/message/772973#772973 -------------------------------------------------------------- Hi! I've created a simple login module based on org.jboss.security.auth.spi.UsernamePasswordLoginModule. Also, created a new security domain: [code] <security-domain name="mydomain" cache-type="default">      <authentication>           <login-module code="com.test.MylLoginModule" flag="required"></login-module>      </authentication> </security-domain> [/code] jboss-web.xml: [code] <jboss-web>      <context-root>myapp</context-root>      <security-domain>mydomain</security-domain>      <disable-audit>true</disable-audit> </jboss-web> [/code] Authentication configuration in web.xml: [code] <login-config>      <auth-method>FORM</auth-method>      <form-login-config>           <form-login-page>/login.jsp</form-login-page>           <form-error-page>/loginerror.jsp</form-error-page>      </form-login-config> </login-config> [/code] All works fine, but if to login from several different places (computers), session sometimes seems "shared": login/logout in app running in one machine causes login/logout for the application running on another. In other words, two users trying to login using the same credentials, but from different places. I was sure such authentication mechanizm works with browser session, isn't it? -------------------------------------------------------------- Reply to this message by going to Community [https://community.jboss.org/message/772973#772973] Start a new discussion in JBoss AS 7 Development at Community [https://community.jboss.org/choose-container!input.jspa?contentType=1&...]