Gentlemen I'm very interested in the issue of logging out as well. I have read many articles on the subject and nothing has worked so far. I'm authenticating with org.jboss.security.auth.spi.LdapExtLoginModule by redirecting users to /auth/portal/myPortal/myPage. This is working well. I have tried to invalidate the HttpSession and the PortletSession, but neither is working. I have my browsers configured to never save passwords for my dev site, so I'm not sure how they are automatically logging the user back in. Furthermore, invalidating my session is not erasing variables that my portlets have stored in the session - something I will post on another topic, but seemingly associated with my authenticated 'flag' not being reset. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4040030#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...