anonymous wrote : 2)I log in as john successfully (username:john, password 1234). Principal john gets cached. | 3) I close my browser in 2 minutes. I open my browser after 10 mins. I am prompted with a login screen. When user closes browser, send a ajax request to server & do a HttpSession.invalidate(). This will clear your cached Principal from Jboss. anonymous wrote : Another question is: If we cannot call the logout, how do I log out of my web application? Would I need to try session invalidation? I am confused as to how this will remove the principal from JBoss cache. | thanks. Yes HttpSession invalidation is the way to clear the cache from jboss View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4171138#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...