Ooooh yeah, this code... anonymous wrote : // get the current subject and its context within the security realm | final javax.security.auth.Subject subject = (javax.security.auth.Subject) new javax.naming.InitialContext().lookup("java:comp/env/security/subject"); | final javax.security.auth.login.LoginContext context = new javax.security.auth.login.LoginContext("security.realm", subject); ... helps! Thank you very much! @nollie: If you use Basic Authentication then the session invalidation will not work by concept. Using Form Authentication you'll have no problems. I only got troubles using a JSF Web Project, but I think this is "just" because of a configuration error of me... View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4040094#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...