User development, A new message was posted in the thread "Setting the session variables after successfull login": http://community.jboss.org/message/530212#530212 Author : Rajasundaram Gopalan Profile : http://community.jboss.org/people/rajasundaram Message: -------------------------------------------------------------- you can get the httpsession by using the following code.   HttpServletRequest httpReq = *null*;  *try* {httpReq = (HttpServletRequest) PolicyContext.+getContext+( "javax.servlet.http.HttpServletRequest");} *catch*(Exception e) {e.printStackTrace(System. +out+);}   session=httpReq.getSession( *false*);   Best way is your CustomLoginModule. -------------------------------------------------------------- To reply to this message visit the message page: http://community.jboss.org/message/530212#530212