As far as I am aware, it isn't possible. The JBoss caching mechanism doesn't/can't distinguish between where the authentication request comes from - e.g. a new browser session vs. new page request vs. EJB call. You can try setting the timeout to 1 second, which would effectively force every page request to hit the LoginModule again, or to 0 seconds which would cause every authentication request (including EJB calls) to hit the login module. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4041203#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...