I am running JBoss 4.3.0-cp09. This issue occurs only when the web application is deployed in a cluster. It doesn't appear in a standalone JBoss server.
I have my own custom login module authenticating against a database, where I want to let users change their password as well. My understanding was that when a user changes his password, I can call the flushAuthenticationCache() method to flush the authentication cache so that the next time, the new credentials will be picked from the request. (I'm sending the same JSESSIONID and JSESSIONIDSSO cookies that were set before changing the password.) Now this seems to work fine when I'm running the application on a standalone JBoss server, but when the application is deployed on a cluster, even after flushing the authentication cache, passwordcallback returns the old password to the login module, hence returning an invalid un/pw error.
Is this expected behaviour? If it is, what should I do to make sure the new password is picked by the login module?