I'm trying to implement programmatic Web login on JBoss 5.0.1 GA. After I made my custom login module working, I ran into the following issue. When I log the user in (by using WebAuthentication.login()), all user-related methods (such as getRemoteUser and isUserInRole) work correctly. On next request, however, it seems like the association is lost - getUserPrincipal/getRemoteUser return null, etc. I know that with form-based auth, once security check is triggered and user is logged in, it remains logged-in until the session expires. Why isn't that so with programmatic login? Is this something I'm doing wrong on my end, or is that how WebAuthentication is supposed to work? View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4233075#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...