I use DatabaseServerLoginModule for jboss authentication web application supported by MySQL. The function is working. But there is a problem when a user changes password. The old password is cached and the new password will not work if I close the browser and login again. I try to delete the cookies, local internet data whatever, it won't work. If I restart Jboss server, the new password takes effect. So, please let me know how can I change the behavior of security manager or loginmodule that they don't cache any password. I also find this thread with similar issue, but unfortunately no answer http://www.jboss.com/index.html?module=bb&op=viewtopic&t=128691 The new password is supposed taking effect after the next login, but it actually does not. This is a serious negative behavior issue because it is quite normal that a user change his/her password. Many systems even force user to change password frequently. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4173162#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...