Ok; I have simplified my test and removed my portal from the equation; I am simply using JSPs and the LdapExtLoginModule, and BASIC authentication. I still observe the same issue ? where I am granted access to resources when I would expect to have to re-login after invalidating my session. I have a secure directory which has a resource constraint on it. In the secure directory, I have a invalidate.jsp file. When this jsp file is visited, I invalidate the session. I would then expect I would not be able to visit any other pages under my secure directory; rather, I would expect that I would be prompted to login again if I visit another page under my secure directory. It appears that even though I have set flushOnSessionInvalidation=true in my jboss-web.xml configuration, it appears that caching is still going on and the LdapExtLoginModule.login is being called w/o having me needing to reenter the password through the BASIC authentication dialog box. Here is the output from my simplified test program. The session invalidation occurs at 2006-12-11 23:22:47,446 and the auto re-login occurs at 2006-12-11 23:23:28,886. How do I disable this caching and force a re-login? 2006-12-11 23:22:44,304 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[SecretProtection]' against GET /pages/secure/invalidate.jsp --> false | 2006-12-11 23:22:44,304 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure pages]' against GET /pages/secure/invalidate.jsp --> true | 2006-12-11 23:22:44,305 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[SecretProtection]' against GET /pages/secure/invalidate.jsp --> false | 2006-12-11 23:22:44,305 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure pages]' against GET /pages/secure/invalidate.jsp --> true | 2006-12-11 23:22:44,305 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission() | 2006-12-11 23:22:44,305 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint has no restrictions | 2006-12-11 23:22:44,305 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate() | 2006-12-11 23:22:44,305 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Begin authenticate, username=testuser | 2006-12-11 23:22:44,306 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] Begin isValid, principal:testuser, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@bcecc7[Subject(7838822).principals=org.jboss.security.SimplePrincipal@32394345(testuser)org.jboss.security.SimpleGroup@27381857(Roles(members:trader)),credential.class=java.lang.String@21479899,expirationTime=1165899151778] | 2006-12-11 23:22:44,306 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@bcecc7[Subject(7838822).principals=org.jboss.security.SimplePrincipal@32394345(testuser)org.jboss.security.SimpleGroup@27381857(Roles(members:trader)),credential.class=java.lang.String@21479899,expirationTime=1165899151778];credential.class=java.lang.String@21479899 | 2006-12-11 23:22:44,306 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] End validateCache, isValid=true | 2006-12-11 23:22:44,306 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] End isValid, true | 2006-12-11 23:22:44,306 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] User: testuser is authenticated | 2006-12-11 23:22:44,306 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject: | Principal: testuser | Principal: Roles(members:trader) | , sc=org.jboss.security.SecurityAssociation$SubjectContext@d34b8c{principal=testuser,subject=325274} | | 2006-12-11 23:22:44,306 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@bcecc7[Subject(7838822).principals=org.jboss.security.SimplePrincipal@32394345(testuser)org.jboss.security.SimpleGroup@27381857(Roles(members:trader)),credential.class=java.lang.String@21479899,expirationTime=1165899151778] | 2006-12-11 23:22:44,306 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Mapped from input principal: testuserto: testuser | 2006-12-11 23:22:44,306 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=org.jboss.security.SecurityAssociation$SubjectContext@d34b8c{principal=testuser,subject=325274} | 2006-12-11 23:22:44,307 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] getUserRoles, subject: Subject: | Principal: testuser | Principal: Roles(members:trader) | | 2006-12-11 23:22:44,307 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] End authenticate, principal=GenericPrincipal[testuser(trader,)] | 2006-12-11 23:22:44,307 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Authenticated 'testuser' with type 'BASIC' | 2006-12-11 23:22:44,307 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling accessControl() | 2006-12-11 23:22:44,307 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Checking roles GenericPrincipal[testuser(trader,)] | 2006-12-11 23:22:44,307 DEBUG [org.apache.catalina.realm.RealmBase] Username testuser has role trader | 2006-12-11 23:22:44,307 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] No role found: trader | 2006-12-11 23:22:44,307 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Successfully passed all security constraints | 2006-12-11 23:22:44,307 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Begin invoke, callerGenericPrincipal[testuser(trader,)] | 2006-12-11 23:22:44,307 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null | 2006-12-11 23:22:44,307 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Restoring principal info from cache | 2006-12-11 23:22:44,307 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject: | Principal: testuser | Principal: Roles(members:trader) | , sc=org.jboss.security.SecurityAssociation$SubjectContext@1da1845{principal=testuser,subject=325274} | 2006-12-11 23:22:44,307 TRACE [org.jboss.web.tomcat.security.RunAsListener] jsp, runAs: null | 2006-12-11 23:22:44,307 TRACE [org.jboss.web.tomcat.security.RunAsListener] jsp, runAs: null | 2006-12-11 23:22:46,648 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1165897366647 sessioncount 0 | 2006-12-11 23:22:46,648 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 1 expired sessions: 0 | 2006-12-11 23:22:46,648 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1165897366648 sessioncount 0 | 2006-12-11 23:22:46,648 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0 | 2006-12-11 23:22:47,435 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] Session Created with id=1C3E4585A5D9B5916FB1C2B2DDC911C9 | 2006-12-11 23:22:47,446 INFO [STDOUT] Invalidating session... | 2006-12-11 23:22:47,446 INFO [STDOUT] ***** request = org.apache.catalina.connector.RequestFacade@1024864 | 2006-12-11 23:22:47,447 DEBUG [org.apache.catalina.realm.RealmBase] Username testuser has role trader | 2006-12-11 23:22:47,447 INFO [STDOUT] Invalidating the session: org.apache.catalina.session.StandardSessionFacade@deb65f | 2006-12-11 23:22:47,447 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] Session Destroy with id=1C3E4585A5D9B5916FB1C2B2DDC911C9 | 2006-12-11 23:22:47,450 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=org.jboss.security.SecurityAssociation$SubjectContext@1da1845{principal=testuser,subject=325274} | 2006-12-11 23:22:47,450 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] Jacc Subject = Subject: | Principal: testuser | Principal: Roles(members:trader) | | 2006-12-11 23:22:47,450 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] securityDomain=mydomain | 2006-12-11 23:22:47,450 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] Authenticated Principal=testuser2006-12-11 23:22:47,450 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] Before flush of authentication cache:: | 2006-12-11 23:22:47,451 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] Number of authenticated principals remaining in cache=1 | 2006-12-11 23:22:47,451 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] Authenticated principal in cache=testuser | 2006-12-11 23:22:47,451 TRACE [org.jboss.security.plugins.JaasSecurityManager$DomainInfo] destroy, subject=Subject: | Principal: testuser | Principal: Roles(members:trader) | , this=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@bcecc7[Subject(7838822).principals=org.jboss.security.SimplePrincipal@32394345(testuser)org.jboss.security.SimpleGroup@27381857(Roles(members:trader)),credential.class=java.lang.String@21479899,expirationTime=1165899151778], activeUsers=0 | 2006-12-11 23:22:47,451 TRACE [org.jboss.security.plugins.JaasSecurityManager$DomainInfo] logout, subject=Subject: | Principal: testuser | Principal: Roles(members:trader) | , this=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@bcecc7[Subject(7838822).principals=org.jboss.security.SimplePrincipal@32394345(testuser)org.jboss.security.SimpleGroup@27381857(Roles(members:trader)),credential.class=java.lang.String@21479899,expirationTime=1165899151778] | 2006-12-11 23:22:47,451 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] logout | 2006-12-11 23:22:47,451 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] After flush of authentication cache:: | 2006-12-11 23:22:47,451 TRACE [org.jboss.web.tomcat.security.SecurityFlushSessionListener] Number of authenticated principals remaining in cache=0 | 2006-12-11 23:22:47,452 TRACE [org.jboss.web.tomcat.security.RunAsListener] jsp, runAs: null | 2006-12-11 23:22:47,452 TRACE [org.jboss.web.tomcat.security.RunAsListener] jsp, runAs: null | 2006-12-11 23:22:47,453 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null | 2006-12-11 23:22:47,453 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] End invoke, callerGenericPrincipal[testuser(trader,)] | 2006-12-11 23:22:47,453 TRACE [org.jboss.security.SecurityAssociation] clear, server=true | 2006-12-11 23:22:56,650 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1165897376650 sessioncount 0 | 2006-12-11 23:22:56,650 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0 | 2006-12-11 23:23:16,653 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1165897396653 sessioncount 0 | 2006-12-11 23:23:16,653 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0 | 2006-12-11 23:23:16,653 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1165897396653 sessioncount 0 | 2006-12-11 23:23:16,653 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0 | 2006-12-11 23:23:20,538 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /testsec/pages/ | 2006-12-11 23:23:20,538 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[SecretProtection]' against GET /pages/ --> false | 2006-12-11 23:23:20,538 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure pages]' against GET /pages/ --> false | 2006-12-11 23:23:20,538 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[SecretProtection]' against GET /pages/ --> false | 2006-12-11 23:23:20,538 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure pages]' against GET /pages/ --> false | 2006-12-11 23:23:20,538 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[SecretProtection]' against GET /pages/ --> false | 2006-12-11 23:23:20,538 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure pages]' against GET /pages/ --> false | 2006-12-11 23:23:20,538 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[SecretProtection]' against GET /pages/ --> false | 2006-12-11 23:23:20,538 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure pages]' against GET /pages/ --> false | 2006-12-11 23:23:20,538 DEBUG [org.apache.catalina.realm.RealmBase] No applicable constraint located | 2006-12-11 23:23:20,539 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Not subject to any constraint | 2006-12-11 23:23:20,539 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Begin invoke, callernull | 2006-12-11 23:23:20,539 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null | 2006-12-11 23:23:20,539 TRACE [org.jboss.web.tomcat.security.RunAsListener] default, runAs: null | 2006-12-11 23:23:20,539 TRACE [org.jboss.web.tomcat.security.RunAsListener] default, runAs: null | 2006-12-11 23:23:20,541 TRACE [org.jboss.web.tomcat.security.RunAsListener] default, runAs: null | 2006-12-11 23:23:20,541 TRACE [org.jboss.web.tomcat.security.RunAsListener] default, runAs: null | 2006-12-11 23:23:20,541 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null | 2006-12-11 23:23:20,541 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] End invoke, callernull | 2006-12-11 23:23:20,541 TRACE [org.jboss.security.SecurityAssociation] clear, server=true | 2006-12-11 23:23:28,885 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /testsec/pages/secure/ | 2006-12-11 23:23:28,885 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[SecretProtection]' against GET /pages/secure/ --> false | 2006-12-11 23:23:28,885 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure pages]' against GET /pages/secure/ --> true | 2006-12-11 23:23:28,885 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[SecretProtection]' against GET /pages/secure/ --> false | 2006-12-11 23:23:28,885 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[secure pages]' against GET /pages/secure/ --> true | 2006-12-11 23:23:28,885 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission() | 2006-12-11 23:23:28,885 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint has no restrictions | 2006-12-11 23:23:28,885 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate() | 2006-12-11 23:23:28,885 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Begin authenticate, username=testuser | 2006-12-11 23:23:28,886 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] Begin isValid, principal:testuser, cache info: null | 2006-12-11 23:23:28,886 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] defaultLogin, principal=testuser | 2006-12-11 23:23:28,886 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(mydomain), authInfo=AppConfigurationEntry[]: | [0] | LoginModule Class: org.jboss.security.auth.spi.LdapExtLoginModule | ControlFlag: LoginModuleControlFlag: required | Options:name=roleFilter, value=(memberUid={0}) | name=baseFilter, value=(uid={0}) | name=bindCredential, value=somePortal | name=bindDN, value=cn=SomePortal,dc=somebrokerage,dc=com | name=roleRecursion, value=-1 | name=java.naming.provider.url, value=ldap://ldapserver:389 | name=roleAttributeID, value=cn | name=baseCtxDN, value=dc=somebrokerage,dc=com | name=rolesCtxDN, value=ou=Group,dc=somebrokerage,dc=com | | 2006-12-11 23:23:28,886 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] initialize, instance=@8443349 | 2006-12-11 23:23:28,886 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] login | 2006-12-11 23:23:28,906 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] Assign user to role trader | 2006-12-11 23:23:28,907 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] User 'testuser' authenticated, loginOk=true | 2006-12-11 23:23:28,907 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] commit, loginOk=true | 2006-12-11 23:23:28,907 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] defaultLogin, lc=javax.security.auth.login.LoginContext@56c88c, subject=Subject(25727428).principals=org.jboss.security.SimplePrincipal@32394345(testuser)org.jboss.security.SimpleGroup@27381857(Roles(members:trader)) | 2006-12-11 23:23:28,907 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] updateCache, inputSubject=Subject(25727428).principals=org.jboss.security.SimplePrincipal@32394345(testuser)org.jboss.security.SimpleGroup@27381857(Roles(members:trader)), cacheSubject=Subject(18477885).principals=org.jboss.security.SimplePrincipal@32394345(testuser)org.jboss.security.SimpleGroup@27381857(Roles(members:trader)) | 2006-12-11 23:23:28,907 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] Inserted cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@b041f3[Subject(18477885).principals=org.jboss.security.SimplePrincipal@32394345(testuser)org.jboss.security.SimpleGroup@27381857(Roles(members:trader)),credential.class=java.lang.String@21479899,expirationTime=1165899151778] | 2006-12-11 23:23:28,907 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] End isValid, true | 2006-12-11 23:23:28,907 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] User: testuser is authenticated | 2006-12-11 23:23:28,907 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject: | Principal: testuser | Principal: Roles(members:trader) | , sc=org.jboss.security.SecurityAssociation$SubjectContext@1b9e1e7{principal=testuser,subject=10368983} | 2006-12-11 23:23:28,908 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@b041f3[Subject(18477885).principals=org.jboss.security.SimplePrincipal@32394345(testuser)org.jboss.security.SimpleGroup@27381857(Roles(members:trader)),credential.class=java.lang.String@21479899,expirationTime=1165899151778] | 2006-12-11 23:23:28,908 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Mapped from input principal: testuserto: testuser | 2006-12-11 23:23:28,908 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=org.jboss.security.SecurityAssociation$SubjectContext@1b9e1e7{principal=testuser,subject=10368983} | 2006-12-11 23:23:28,908 TRACE [org.jboss.security.plugins.JaasSecurityManager.mydomain] getUserRoles, subject: Subject: | Principal: testuser | Principal: Roles(members:trader) | | 2006-12-11 23:23:28,908 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] End authenticate, principal=GenericPrincipal[testuser(trader,)] | 2006-12-11 23:23:28,908 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Authenticated 'testuser' with type 'BASIC' | 2006-12-11 23:23:28,908 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling accessControl() | 2006-12-11 23:23:28,908 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Checking roles GenericPrincipal[testuser(trader,)] | 2006-12-11 23:23:28,908 DEBUG [org.apache.catalina.realm.RealmBase] Username testuser has role trader | 2006-12-11 23:23:28,908 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] No role found: trader | 2006-12-11 23:23:28,908 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Successfully passed all security constraints | 2006-12-11 23:23:28,908 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Begin invoke, callerGenericPrincipal[testuser(trader,)] | 2006-12-11 23:23:28,908 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null | 2006-12-11 23:23:28,908 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Restoring principal info from cache | 2006-12-11 23:23:28,909 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject: | Principal: testuser | Principal: Roles(members:trader) | , sc=org.jboss.security.SecurityAssociation$SubjectContext@1642565{principal=testuser,subject=10368983} | 2006-12-11 23:23:28,909 TRACE [org.jboss.web.tomcat.security.RunAsListener] default, runAs: null | 2006-12-11 23:23:28,909 TRACE [org.jboss.web.tomcat.security.RunAsListener] default, runAs: null | 2006-12-11 23:23:28,910 TRACE [org.jboss.web.tomcat.security.RunAsListener] default, runAs: null | 2006-12-11 23:23:28,910 TRACE [org.jboss.web.tomcat.security.RunAsListener] default, runAs: null | 2006-12-11 23:23:28,910 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null | 2006-12-11 23:23:28,910 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] End invoke, callerGenericPrincipal[testuser(trader,)] | 2006-12-11 23:23:28,910 TRACE [org.jboss.security.SecurityAssociation] clear, server=true | 2006-12-11 23:23:36,657 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1165897416657 sessioncount 0 | 2006-12-11 23:23:36,657 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0 | 2006-12-11 23:23:36,657 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1165897416657 sessioncount 0 | 2006-12-11 23:23:36,657 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0 View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3992970#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...