Dear community, I am rather new to the JbossSX / JAAS topic and thus, I searched the forum to understand my problems, but I am not sure if I got everthing right. Scenario: I successfully secured a test web application via my custom login module and declarative security. Wonderful, but regarding the logout of an authenticated subject I got some problems / questions. Question 1: I first used Basic Auth ... read the solution within the forum that session.invalidate does not work. Thus, I switched to Form Auth (incl. j_security_check) ... session.invalidate does not work neither. Wrong ... it works, but the browser caches the credentials and performs itself a re-login (right?). Is there any other (easy / designated) solution than restarting the browser? Question 1a: I read that the manually invocation of the Basic Auth Popup is not possible, ok. Is this possible using Form Auth? If yes, then I could store an logout-attribute, check this at each page call and so I'd have a workaround regarding the browser's credential caching... Question 2: Is there a possibility to retreive the current LoginContext (although I didn't create the LoginContext instance within my code) in order to manually perform the logout method of my custom login module? I'd be so glad for helpful suggestions and solutions - and please don't damn me, if I missed an existing solution-topic and thus didn't read it :-/ Thx View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4037586#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...