I have got 4.0.4GA, using login form and a login module where I set certain attributes to session. When I login for first time a login form is presented and my login module is called and everything is ok (note the [STDOUT] which comes from my login module code): | 15:48:40,968 DEBUG [AuthenticatorBase] Security checking request POST /DemoWeb/j_security_check | 15:48:40,968 DEBUG [FormAuthenticator] Authenticating username 'S941' | 15:48:40,968 INFO [STDOUT] SetSessionDBLoginModule Setting attributes | 15:48:41,077 DEBUG [FormAuthenticator] Authentication of 'S941' was successful | 15:48:41,077 DEBUG [FormAuthenticator] Redirecting to original '/DemoWeb/home.jsf' | However, when I try to login for second time from another window or machine the login form is presented (ok), but my login module is not called (note no the [STDOUT] from my login module code): | 15:51:06,931 DEBUG [AuthenticatorBase] Security checking request POST /DemoWeb/j_security_check | 15:51:06,931 DEBUG [FormAuthenticator] Authenticating username 'S941' | 15:51:06,947 DEBUG [FormAuthenticator] Authentication of 'S941' was successful | 15:51:06,947 DEBUG [FormAuthenticator] Redirecting to original '/DemoWeb/home.jsf' | It looks like the authentication data is cached somewhere and the server thinks it doesn't need to authenticate the same user again. Which is wrong, because i need to set the attributes. Anybody has a clue why this happens? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3993452#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...