I can't see exactly the details of how GWT get the logged user information (the "principal"). but obviously, the GWT application does not know that the Principal is not anymore "out of use". two way : - at each request, the GWT re get the Principal (and may all other login information) - when the session is invalidate(), a event is sent to the GWT, so it also invalidate the user informations. globally : look the details of how the GWT get the userPrincipal from the session, and see why it keeps it after the log out. hope it helps... View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4107987#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...