Is this problem similar or the same as when the session times out and the @Destroy method is invoked. Then when a user access that page after the time out an exception is thrown and the application is unrecoverable. In doing some testing I discoverd that if when the user is logged in and the session times out, the application becomes unusable. I thought the application server would handle this timeout gracefully and redirect to the login page identifed in the security settings in the web.xml Curious to know. Eric Ray View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3962513#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...