Hi,
I'm using for users authorization databaseloginmodule and password hashing.
Everything is working ok, but I would like to ask user for his name and password after 10 minutes time.
So I set in JavaSecurityManagerService Bean DefaultCacheTime=600 and I linked this with tag in definition of security domain with sessiontime out, which is also 10 minutes.

I thought that would be enough but it doesn't work properly.
I checked through jmx-console and after 10 minutes jboss server clears his cache and there no information about logged users but after those 10 minutes user doesn't have to give his name and password, he can go to another page without notice that server cleared his cache.

I tried to clear client's header cache as response.reset() but it doesn't work.

What am I doing wrong?