Hello! I use login() and commit() method of my custom LoginModule to log successful and failed logins. If was fine when I used the security domain with that LoginModule for webapps only. When I made EJB session beans to use the same security domains, the log gets "User logged in" entries every time a session bean's method is called, i.e. LoginModule's login()/commit() methods are called every time an EJB bean's method is called. Probably, it is inevitable, but can I distinguish (in login()/commit() methods) when it is "the fist/real" login (user entered info into the login form), or it is "repeated" login done by container using cached credentials? Thank you, Igor Kuzmitshov View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3999187#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...